Date: Fri, 3 Apr 2015 09:20:43 +0000
From: Peter Gutmann <pgut001@...auckland.ac.nz>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: RE: [PHC] OMG we have benchmarks

<Stefan.Lucks@...-weimar.de> writes:

>I never understood why some bureaucrats at the NIST decided that four was too
>much, but three would be great, and then gave us the useless variant with
>192-bit keys(*), instead of a 256-bit block size. This is one of the worst
>cryptographic choices the NIST ever made(**),

The SHA-2 mess wasn't so good either; we've ended up with:

SHA-256: Standard replacement for the universal hash, SHA-1.

SHA-512: SHA-256 for people with 64-bit processors and PDU space to waste.

SHA-also-ran: The 384-bit one that (presumably) the NSA demanded for Suite B, but which has no other reason for existence.

SHA-glue-factory-candidate: The 224-bit one that was created because someone at NIST had a few too many at one of the RSA conference hospitality suites and bet a co-worker that they could get any old rubbish into the SHA family [0].

Peter.

[0] Complete fiction, but it makes as much, or little, sense as any other explanation.