On 8/08/2015 23:48 pm, ianG wrote:
http://www.metzdowd.com/pipermail/cryptography/2015-August/026238.html
From: Krisztián Pintér <pinterkr(_at_)gmail(_dot_)com>
...
so to save the day, they added the SHAKE instances as a workaround.
they are pretty much what SHA3 should have been. if you don't
understand how a sponge works, you are very much free to use the SHA3
instances. but if you want to do actual cryptography, you should
choose the SHAKE's.
Which I think can be interpreted as suggestion to use SHAKE256, instead
of the SHA3-xxx.
A potential advantage of that is that the algorithm expands, so we don't
need to specify truncation any more.
Just call it with a range of set params for 'd':
keyId: 32
fingerprint: 100, 150
hash: 256.
(by way of example) Is there any known advantage of the smaller lengths
being subsets of the larger?
iang
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp