[Ach] Vote for new Cipherstring B [Was: Issue with OpenSSL >0.9.8l]

Philipp Gühring pg at futureware.at
Wed Jun 4 17:13:56 CEST 2014


My guess is that those hash algorithms that leak all their internal state will also be a better target for pre-image and collission and similar attacks, than those where you do not get the full state.

ianG <iang at iang.org> schrieb:
>On 4/06/2014 14:14 pm, Philipp Gühring wrote:
>> Hi,
>> I dont't mind dropping *256, but I currently believe that SHA384 is
>> only secure hash in the SHA2 family, all other hashes leak their
>> complete internal state. Length-Extension-Attack...
>Point.  But, is a length extension attack relevant to HMAC use? 
>the HMAC shield from this very attack?
>Ach mailing list
>Ach at lists.cert.at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20140604/03fa1a62/attachment.html>

More information about the Ach mailing list