> -----Original Message-----
> From: COSE <[email protected]> On Behalf Of Ilari Liusvaara
> Sent: Monday, July 6, 2020 1:37 PM
> To: [email protected]
> Subject: Re: [COSE] I-D Action: draft-ietf-cose-hash-algs-05.txt
>
> On Mon, Jul 06, 2020 at 12:18:03PM -0700, [email protected] wrote:
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
directories.
> > This draft is a work item of the CBOR Object Signing and Encryption WG
of
> the IETF.
> >
> > Title : CBOR Object Signing and Encryption (COSE):
Hash
> Algorithms
> > Author : Jim Schaad
> > Filename : draft-ietf-cose-hash-algs-05.txt
> > Pages : 12
> > Date : 2020-07-06
> >
> > Abstract:
> > The CBOR Object Signing and Encryption (COSE) syntax
> > [I-D.ietf-cose-rfc8152bis-struct] does not define any direct methods
> > for using hash algorithms. There are, however, circumstances where
> > hash algorithms are used, such as indirect signatures where the hash
> > of one or more contents are signed, and X.509 certificate or other
> > object identification by the use of a fingerprint. This document
> > defines a set of hash algorithms that are identified by COSE
> > Algorithm Identifiers.
> >
>
>
> > "Unlike the SHA-2 hash functions, no algorithm identifier is created
> > for shorter lengths. The length of the hash value stored is 128-bits
> > for SHAKE-128 and 256-bits for SHAKE-256."
>
> 128-bits seems rather short, given that 128-bit collisions can be
generated with
> ~2^64 work using generic methods. And these are adverised as cryptographic
> hashes, not just checksums/filters.
>
> SHAKE-128 (SHAKE-256) itself maxes out at 128 (256) bit collision and
preimage
> resistance, so to get all out of it, one needs at least 256
> (512) bit output.
That makes sense.
Jim
>
>
>
> -Ilari
>
> _______________________________________________
> COSE mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/cose
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
