lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <SN4PR0401MB36637D914CAB78B2B104A73EC3180@SN4PR0401MB3663.namprd04.prod.outlook.com>
Date:   Tue, 11 Feb 2020 07:56:04 +0000
From:   "Van Leeuwen, Pascal" <pvanleeuwen@...bus.com>
To:     Ken Goldman <kgold@...ux.ibm.com>
CC:     "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
        "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
        "linux-security-module@...r.kernel.org" 
        <linux-security-module@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH 1/2] crypto: sm3 - add a new alias name sm3-256

> -----Original Message-----
> From: linux-crypto-owner@...r.kernel.org <linux-crypto-owner@...r.kernel.org> On Behalf Of Ken Goldman
> Sent: Monday, February 10, 2020 7:03 PM
> Cc: linux-crypto@...r.kernel.org; linux-integrity@...r.kernel.org; linux-security-module@...r.kernel.org; linux-
> kernel@...r.kernel.org
> Subject: Re: [PATCH 1/2] crypto: sm3 - add a new alias name sm3-256
>
> <<< External Email >>>
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the
> sender/sender address and know the content is safe.
>
>
> On 2/10/2020 12:01 PM, Van Leeuwen, Pascal wrote:
> > Well, the current specification surely doesn't define anything else and is
> > already over a decade old. So what would be the odds that they add a
> > different blocksize variant_now_  AND still call that SM3-something?
>
> I just got a note from a cryptographer who said there were discussions
> last year about a future SM3 with 512 bit output.
>
> Given that, why not plan ahead and use sm3-256?  Is there any downside?
> Is the cost any more than 4 bytes in some source code?
>

It is actually exported as "sm3" by all implementations, it's just this one reference that was off.
So fixing that one reference is less effort than fixing all implementations.
I don't think anyone cares about the 4 bytes of source code ...

As for SM3-512: that would by silly, considering recent attacks found against similar
Merkle-Darmgard structures.  Then again, I'm not talking to Chinese cryptographers.
In any case, what would be the problem with having "sm3" and "sm3-512"?
Note that nobody in the world refers to the current SM3 as "SM3-256".

Regards,
Pascal van Leeuwen
Silicon IP Architect Multi-Protocol Engines, Rambus Security
Rambus ROTW Holding BV
+31-73 6581953

Note: The Inside Secure/Verimatrix Silicon IP team was recently acquired by Rambus.
Please be so kind to update your e-mail address book with my new e-mail address.


** This message and any attachments are for the sole use of the intended recipient(s). It may contain information that is confidential and privileged. If you are not the intended recipient of this message, you are prohibited from printing, copying, forwarding or saving it. Please delete the message and attachments and notify the sender immediately. **

Rambus Inc.<http://www.rambus.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ