No, it is not the same output, but it is the same amount of security.
Which hash and which IV doesn't matter here - just that the end result
is 224 bits long.
David
On Mon, Mar 20, 2006 at 04:08:28PM -0500, Tony Hansen wrote:
Just a quibble. Truncating sha-256 down to 224 bits does not give the
same output as sha-224, as sha-256 and sha-224 use different
initialization vectors. So "truncated sha-256" and "sha-224" really
would be totally different hash values.
No comment on the rest of what you say.
Tony Hansen
tony(_at_)att(_dot_)com
David Shaw wrote:
I understand the argument about wanting 128 bits of security, but
since the new DSA allows a 224 bit q, there just isn't room for 128
bits of security. Whether we truncate SHA-256 and call it "truncated
SHA-256" or truncate SHA-256 and call it "SHA-224", we have to
truncate.