At 12:24 PM +0100 1/12/09, Weger, B.M.M. de wrote: >When in 2012 the winner of the >NIST SHA-3 competition will be known, and everybody will start >using it (so that according to Peter's estimates, by 2018 half >of the implementations actually uses it), do we then have enough >redundancy?
No offense, Benne, but are serious? Why would "everybody" even consider it? Give what we know about the design of SHA-2 (too little), how would we know whether SHA-3 is any better than SHA-2 for applications such as digital certificates? In specific, if most systems have implemented the whole SHA-2 family by the time SHA-3 is settled, and then there is a problem found in SHA-2/256, I would argue that it is probably much more prudent to change to SHA-2/384 than to SHA-3/256. SHA-2/384 will most likely be much than to SHA-3/256, but it will have had significantly more study. It all depends on who you trust and why. --Paul Hoffman, Director --VPN Consortium --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [email protected]
