On Oct 5, 2013, at 11:54 AM, [email protected] wrote: > Jerry Leichter wrote: >> Currently we have SHA-128 and SHA-256, >but exactly why one should choose >> one or >the other has never been clear - SHA-256 is >somewhat more >> expensive, but I can't >think of any examples where SHA-128 >would be >> practical but SHA-256 would not. >In practice, when CPU is thought to be an >> >issue (rightly or wrongly), people have >gone with RC4 - standards be >> damned. > > SHA-224/256 (there is no SHA-128) use 32-bit words, SHA-384/512 uses 64-bit > words. That difference is indeed a very big deal in embedded device > applications. SHA-3 uses only 64-bit words, which will likely preclude it > being used in most embedded devices for the foreseeable future. Oops - acronym confusion between brain and keyboard. I meant to talk about AES-128 and AES-256. -- Jerry
_______________________________________________ The cryptography mailing list [email protected] http://www.metzdowd.com/mailman/listinfo/cryptography
