On Mon, Jul 06, 2020 at 12:18:03PM -0700, [email protected] wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the CBOR Object Signing and Encryption WG of the > IETF. > > Title : CBOR Object Signing and Encryption (COSE): Hash > Algorithms > Author : Jim Schaad > Filename : draft-ietf-cose-hash-algs-05.txt > Pages : 12 > Date : 2020-07-06 > > Abstract: > The CBOR Object Signing and Encryption (COSE) syntax > [I-D.ietf-cose-rfc8152bis-struct] does not define any direct methods > for using hash algorithms. There are, however, circumstances where > hash algorithms are used, such as indirect signatures where the hash > of one or more contents are signed, and X.509 certificate or other > object identification by the use of a fingerprint. This document > defines a set of hash algorithms that are identified by COSE > Algorithm Identifiers. >
> "Unlike the SHA-2 hash functions, no algorithm identifier is created > for shorter lengths. The length of the hash value stored is 128-bits > for SHAKE-128 and 256-bits for SHAKE-256." 128-bits seems rather short, given that 128-bit collisions can be generated with ~2^64 work using generic methods. And these are adverised as cryptographic hashes, not just checksums/filters. SHAKE-128 (SHAKE-256) itself maxes out at 128 (256) bit collision and preimage resistance, so to get all out of it, one needs at least 256 (512) bit output. -Ilari _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
