| > NIST is proposing a change notice for FIPS 180-2, the Secure Hash Standard | > that will specify an additional hash function, SHA-224, that is based on | > SHA-256. The change notice is available at | > http://csrc.nist.gov/publications/drafts.html. NIST requests comments for | > the change notice by January 16, 2004. Comments should be addressed to | > [EMAIL PROTECTED] | | Does anyone know what the story is behind this? It seems to be the | same sort of relationship that SHA-384 has to SHA-512 - that is, the | same basic algorithm, the same amount of work to calculate it, but | with different initial values, and some bits chopped off at the end. | It all seems a lot of effort just to save 4 bytes in the final hash. I'd guess that this is part of an effort to define hashes "equivalent in strength" to various standardized ciphers. Because of birthday attacks, in some sense the security of an n-bit hash is comparable to that of an n/2-bit cipher. So SHA-256, -384, and -512 are intended to match the three supported AES key sizes of 128, 196, and 256 bits. SHA-224 then comes out to match 2-key 3-DES. -- Jerry
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
