[Ach] Vote for new Cipherstring B [Was: Issue with OpenSSL >0.9.8l]
pg at futureware.at
Wed Jun 4 17:13:56 CEST 2014
My guess is that those hash algorithms that leak all their internal state will also be a better target for pre-image and collission and similar attacks, than those where you do not get the full state.
ianG <iang at iang.org> schrieb:
>On 4/06/2014 14:14 pm, Philipp Gühring wrote:
>> I dont't mind dropping *256, but I currently believe that SHA384 is
>> only secure hash in the SHA2 family, all other hashes leak their
>> complete internal state. Length-Extension-Attack...
>Point. But, is a length extension attack relevant to HMAC use?
>the HMAC shield from this very attack?
>Ach mailing list
>Ach at lists.cert.at
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Ach