| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 Feb 2020 08:39:37 -0800
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: Ken Goldman <kgold@...ux.ibm.com>,
Eric Biggers <ebiggers@...nel.org>,
Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
Cc: herbert@...dor.apana.org.au, davem@...emloft.net,
zohar@...ux.ibm.com, dmitry.kasatkin@...il.com, jmorris@...ei.org,
serge@...lyn.com, linux-crypto@...r.kernel.org,
linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] crypto: sm3 - add a new alias name sm3-256
On Mon, 2020-02-10 at 11:30 -0500, Ken Goldman wrote:
> On 2/9/2020 10:17 PM, Eric Biggers wrote:
> > According to https://tools.ietf.org/id/draft-oscca-cfrg-sm3-01.html
> > ,
> > SM3 always produces a 256-bit hash value. E.g., it says:
> >
> > "SM3 produces an output hash value of 256 bits long"
> >
> > and
> >
> > "SM3 is a hash function that generates a 256-bit hash value."
> >
> > I don't see any mention of "SM3-256".
> >
> > So why not just keep it as "sm3" and change hash_info.c instead?
> > Since the name there is currently wrong, no one can be using it
> > yet.
>
> Question: Is 256 bits fundamental to SM3?
No.
> Could there ever be a
> variant in the future that's e.g., 512 bits?
Yes, SM3 like SHA-3 is based on a 512 bit input blocks. However,
what's left of the standard:
https://www.ietf.org/archive/id/draft-sca-cfrg-sm3-02.txt
Currently only defines a 256 output (via compression from the final 512
bit output). In theory, like SHA-3, SM3 could support 384 and 512
output variants. However, there's no evidence anyone is working on
adding this.
James
Powered by blists - more mailing lists