ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: NIST publishes new DSA draft

2006-03-20 14:30:39
from [Tony Hansen] [Permanent Link] 

Just a quibble. Truncating sha-256 down to 224 bits does not give the
same output as sha-224, as sha-256 and sha-224 use different
initialization vectors. So "truncated sha-256" and "sha-224" really
would be totally different hash values.

No comment on the rest of what you say.

        Tony Hansen
        tony(_at_)att(_dot_)com

David Shaw wrote:

I understand the argument about wanting 128 bits of security, but
since the new DSA allows a 224 bit q, there just isn't room for 128
bits of security.  Whether we truncate SHA-256 and call it "truncated
SHA-256" or truncate SHA-256 and call it "SHA-224", we have to
truncate.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: NIST publishes new DSA draft, David Shaw
Next by Date:  Re: NIST publishes new DSA draft, David Shaw
Previous by Thread:  Re: NIST publishes new DSA draft, David Shaw
Next by Thread:  Re: NIST publishes new DSA draft, David Shaw
Indexes:  [Date] [Thread] [Top] [All Lists]