David Crick wrote:
How hard-coded do we want/need to make the[se] cipher-hash-curve
combinations? For Suite B compatibility/marketability we need
them "fixed" (especially in light of pointing out the higher
relative MAY cipher size) and the hash fixed as SHA2 (as opposed
to, say, a hypothetical Whirlpool; SHA3 could be added later).

Me: hardcoded. Nobody ever showed that SHA wasn't good
enough for the job * and NIST/NSA is happy with it, until 2012.
(I don't expect everyone to agree though :)

I noticed that there is this discussion to use Suite B for
other purposes (variously, ECC is cool, speed,
Euro-profiles, mobile, smart cards, HSMs, ... etc). That is
bad, to my mind. This is a profile proposed for Suite B and
that's what it should do: Suite B.

If the Europeans want to propose a EuroSuite, let them.
Let's not jump on the bandwagon and make the profile
all-things-for-all-humanity.

iang

* to a 99% confidence level. SHA0 was the 1%. The rest is
crypto-academic stuff which shouldn't impact actual use.