[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NIST publishes new DSA draft
Just a quibble. Truncating sha-256 down to 224 bits does not give the
same output as sha-224, as sha-256 and sha-224 use different
initialization vectors. So "truncated sha-256" and "sha-224" really
would be totally different hash values.
No comment on the rest of what you say.
Tony Hansen
tony@xxxxxxx
David Shaw wrote:
> I understand the argument about wanting 128 bits of security, but
> since the new DSA allows a 224 bit q, there just isn't room for 128
> bits of security. Whether we truncate SHA-256 and call it "truncated
> SHA-256" or truncate SHA-256 and call it "SHA-224", we have to
> truncate.