David Crick wrote:
How hard-coded do we want/need to make the[se] cipher-hash-curve combinations? For Suite B compatibility/marketability we need them "fixed" (especially in light of pointing out the higher relative MAY cipher size) and the hash fixed as SHA2 (as opposed to, say, a hypothetical Whirlpool; SHA3 could be added later).
Me: hardcoded. Nobody ever showed that SHA wasn't good enough for the job * and NIST/NSA is happy with it, until 2012.
(I don't expect everyone to agree though :)I noticed that there is this discussion to use Suite B for other purposes (variously, ECC is cool, speed, Euro-profiles, mobile, smart cards, HSMs, ... etc). That is bad, to my mind. This is a profile proposed for Suite B and that's what it should do: Suite B.
If the Europeans want to propose a EuroSuite, let them. Let's not jump on the bandwagon and make the profile all-things-for-all-humanity.
iang* to a 99% confidence level. SHA0 was the 1%. The rest is crypto-academic stuff which shouldn't impact actual use.