
Re: WG Last Call: SHA-224




At 8:21 AM -0500 3/29/04, Russ Housley wrote:
I understand that the computation expense is the same as SHA-256. However, as you point out, there are times that a shorter hash value is desirable.

Do we agree that the only times where it is desirable is in severely bandwidth-restricted environments? Or am I missing some other scenario?


I would be willing to add a paragraph to the security considerations that points out the equal computational cost for SHA-256 if that would make you feel better.

That's not necessary, and it isn't really a security consideration. My preference would be that the document include advice to protocol designers about when this is and is not a useful algorithm; without that, designers might think they understand its usefulness when they don't. That's why I proposed:


This document would be well-served to have an additional paragraph explaining that systems that use TripleDES and need a matching hash algorithm SHOULD use SHA-256, not SHA-224, unless they are in severely bandwidth-restricted environments.

--Paul Hoffman, Director
--Internet Mail Consortium