Date: Fri, 3 Apr 2015 09:20:43 +0000
From: Peter Gutmann <>
To: "" <>
Subject: RE: [PHC] OMG we have benchmarks

<> writes:

>I never understood why some bureaucrats at the NIST decided that four was too
>much, but three would be great, and then gave us the useless variant with 192-
>bit keys(*), instead of a 256-bit block size. This is one of the worst
>cryptographic choices the NIST ever made(**),

The SHA-2 mess wasn't so good either, we've ended up with:

SHA-256: Standard replacement for the universal hash, SHA-1.

SHA-512: SHA-256 for people with 64-bit processors and PDU space to waste.

SHA-also-ran: The 384-bit one that (presumably) the NSA demanded for Suite B,
              but which has no other reason for existence.

SHA-glue-factory-candidate: The 224-bit one that was created because someone
              at NIST had a few too many at one of the RSA conference 
              hospitality suites and bet a co-worker that they could get any 
              old rubbish into the SHA family [0].


[0] Complete fiction, but it makes as much, or little, sense as any other
