Jakob Bohm <jb-openssl-Ov0D3Su7/I/qt0dzr+a...@public.gmane.org> writes:
[...]
> I did mention that in passing under my item 2 (where I mentioned use
> of 192-bit-truncated-SHA-224 as one allowed 192 bit hash algorithm for
> use with ECDSA-192).

OK, sorry, I missed that.

> I don't remember if the current FIPS-180 actually allows truncating to
> (below) the size of the next smaller standard SHA-2 variant, though
> there may be a special case allowing 160-bit-truncated-SHA-224 for use
> in former SHA-1 applications.

My reading of FIPS 180-4 (section 7) is that it does allow quite general
truncation.  (I skipped to section 7, though, so perhaps that's
restricted elsewhere.)

FIPS 186-3 seems to permit larger digest sizes to be used (section 4.2),

    It is recommended that the security strength of the (L, N) pair and
    the security strength of the hash function used for the generation
    of digital signatures be the same unless an agreement has been made
    between participating entities to use a stronger hash function.

(it goes on to describe the truncation to be performed).  For Federal
Government entities other than CAs it gives specific combinations to be
used, and similarly for CAs.
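Added example, not part of the original message or of OpenSSL: the leftmost-bits truncation that FIPS 180-4 section 7 and FIPS 186-3 describe, applied to the SHA-224-for-ECDSA-192 case discussed above. The function names and sample message are assumptions made for illustration, and the 163-bit case is a constructed non-byte-aligned input.

```python
import hashlib


def leftmost_bits(digest: bytes, nbits: int) -> int:
    """Return the leftmost min(nbits, outlen) bits of digest as an integer.

    outlen is the digest length in bits. When the digest is longer than
    nbits, the low-order (rightmost) bits are discarded by a right shift,
    which also covers lengths that are not a multiple of 8.
    """
    if nbits <= 0:
        raise ValueError("nbits must be positive")
    outlen = len(digest) * 8
    z = int.from_bytes(digest, "big")
    if nbits < outlen:
        z >>= outlen - nbits
    return z


def signing_input(hash_name: str, message: bytes, nbits: int):
    """Hash message and truncate to nbits (hypothetical helper).

    Returns (z, kept_bits): z is the integer a DSA/ECDSA signer would use,
    kept_bits is how many digest bits actually contributed to it.
    """
    digest = hashlib.new(hash_name, message).digest()
    kept_bits = min(nbits, len(digest) * 8)
    return leftmost_bits(digest, nbits), kept_bits


if __name__ == "__main__":
    msg = b"constructed sample message"  # constructed input
    # (hash, bit length of the group order) pairs:
    #   sha224/192 : the truncated-SHA-224 case from the thread
    #   sha224/163 : constructed, not byte-aligned
    #   sha1/192   : digest shorter than the order, nothing is truncated
    for name, nbits in (("sha224", 192), ("sha224", 163), ("sha1", 192)):
        z, kept = signing_input(name, msg, nbits)
        print(f"{name:7s} -> {nbits:3d} bits: kept {kept:3d}, z = {z:x}")
```
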