[Ach] Vote for new Cipherstring B [Was: Issue with OpenSSL >0.9.8l]

Philipp Gühring pg at futureware.at
Wed Jun 4 15:14:34 CEST 2014


I dont't mind dropping *256, but I currently believe that SHA384 is the only secure hash in the SHA2 family, all other hashes leak their complete internal state. Length-Extension-Attack...
>From security point of view, I would drop SHA2-256 and SHA2-512, and promote SHA2-384.
But I do not know what that means interoperability-wise.

Best regards,
Philipp Gühring

Adi Kriegisch <adi at kriegisch.at> schrieb:
>> My vote: drop *256 and SHA384. 
>fine for me!
>-- Adi 
>Ach mailing list
>Ach at lists.cert.at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20140604/c41169ac/attachment.html>

More information about the Ach mailing list