[Ach] Vote for new Cipherstring B [Was: Issue with OpenSSL >0.9.8l]
Philipp Gühring
pg at futureware.at
Wed Jun 4 15:14:41 CEST 2014
Hi,
I dont't mind dropping *256, but I currently believe that SHA384 is the only secure hash in the SHA2 family, all other hashes leak their complete internal state. Length-Extension-Attack...
>From security point of view, I would drop SHA2-256 and SHA2-512, and promote SHA2-384.
But I do not know what that means interoperability-wise.
Best regards,
Philipp Gühring
Adi Kriegisch <adi at kriegisch.at> schrieb:
>Hey!
>
>> My vote: drop *256 and SHA384.
>fine for me!
>
>-- Adi
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Ach mailing list
>Ach at lists.cert.at
>http://lists.cert.at/cgi-bin/mailman/listinfo/ach
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20140604/af40b270/attachment.html>
More information about the Ach
mailing list