[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NIST publishes new DSA draft
No, it is not the same output, but it is the same amount of security.
Which hash and which IV doesn't matter here - just that the end result
is 224 bits long.
David
On Mon, Mar 20, 2006 at 04:08:28PM -0500, Tony Hansen wrote:
>
> Just a quibble. Truncating sha-256 down to 224 bits does not give the
> same output as sha-224, as sha-256 and sha-224 use different
> initialization vectors. So "truncated sha-256" and "sha-224" really
> would be totally different hash values.
>
> No comment on the rest of what you say.
>
> Tony Hansen
> tony@xxxxxxx
>
> David Shaw wrote:
> > I understand the argument about wanting 128 bits of security, but
> > since the new DSA allows a 224 bit q, there just isn't room for 128
> > bits of security. Whether we truncate SHA-256 and call it "truncated
> > SHA-256" or truncate SHA-256 and call it "SHA-224", we have to
> > truncate.