HANSEN, TONY L <tony(_at_)att(_dot_)com> writes:
FIPS 180-4 also defines SHA2-512/224 and SHA2-512/256. Should they be
added to the table?
SHA2-512/224 protects roughly 112 bits of security, so it would be fine
for TripleDES, but not much else. I would say it is not needed.
SHA2-512/256 works great on a 64-bit machine, but is a lot slower than
SHA2-256 on a 32-bit machine and protects 128 bits of security. I don't
really care if it gets used or not. I am guessing that 8-bit and 16-bit
implementations will care a lot more.
FIPS 202 also defines four cryptographic hash functions (SHA-3) and two
extensible-output functions (XOFs) called SHAKE128 and SHAKE256. All of
the SHA-3 family of hashes are very slow in software, but could be
effectively implemented in hardware. The one thing we know as a result
of the SHA-3 bake-off is that SHA-2 is a lot stronger than we thought
and we do not yet really need SHA-3. That said, if you want to add
agility to OpenPGP, you could define SHA3-256 and SHA3-512 code points.
I see little point in any of the other alternatives.
-- Mark
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp