Joachim Strömbergson <[email protected]> writes:

> For SHA-1 the H0 constants are a simple sequence pattern and according
> to Thomas actually come from MD5.
> (From sha1.c in Nettle):
>
>   /* SHA initial values */
>   0x67452301L,
>   0xEFCDAB89L,
>   0x98BADCFEL,
>   0x10325476L,
>   0xC3D2E1F0L,

The first four values are the same as for md5. The final value is
unique to sha1.

> The H0-values for SHA-224 are actually the low 32-bits of the H0-values
> for SHA-384.

Interesting, I hadn't noticed that.

> We should therefore be able to update the shadata program to generate
> the SHA-224 constants.

The reason sha512 and sha384 aren't generated by shadata.c is that the
needed precision exceeds what can be expected from a C double. And for
sha224, if it had been the *high* 32 bits, double would have been
enough.

Now that we include mini-gmp, I guess one could make use of that to
compute the needed roots to high enough precision.

> Suggestion: Change the comments in sha256.c (for sha224) to point to the
> origin of the constants. And also add a short comment in sha1.c and
> md5.c that the constants are simple patterns.

I've added comments for sha1 and sha224.

> According to Thomas the sequence pattern in md5 was chosen by Rivest
> quite arbitrarily.

Not much to comment there...

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
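
The relationship discussed in this message, as an added example (not code from Nettle or from shadata.c): the SHA-384 initial values computed exactly with Python integers standing in for mini-gmp, the SHA-224 values taken as their low 32 bits, and the same roots computed through a double for comparison. The function names are made up for this example; the choice of primes (9th through 16th) and the "fractional part of the square root" definition come from FIPS 180-4, not from the message.

```python
import math

# 9th through 16th primes: FIPS 180-4 derives the SHA-384 initial hash
# value from the fractional parts of their square roots.
PRIMES_9_TO_16 = [23, 29, 31, 37, 41, 43, 47, 53]


def frac_sqrt_bits(p, bits):
    """First `bits` bits of the fractional part of sqrt(p), computed exactly."""
    # floor(sqrt(p) * 2^bits) == isqrt(p * 2^(2*bits)); the mask drops
    # the integer part of the root.
    return math.isqrt(p << (2 * bits)) & ((1 << bits) - 1)


def sha384_h0():
    """The eight 64-bit SHA-384 initial values."""
    return [frac_sqrt_bits(p, 64) for p in PRIMES_9_TO_16]


def sha224_h0():
    """SHA-224 initial values: the low 32 bits of each SHA-384 value."""
    return [h & 0xFFFFFFFF for h in sha384_h0()]


def frac_sqrt_bits_double(p):
    """The same 64-bit quantity, computed through an IEEE double."""
    r = math.sqrt(p)
    # For roots in [4, 8) a double keeps only 50 fractional bits, so the
    # low 14 bits of this result carry no information.
    return int((r - math.floor(r)) * (1 << 64))


def compare_double():
    """Per prime: (high 32 bits match, low 32 bits match) for double vs exact."""
    result = []
    for p, exact in zip(PRIMES_9_TO_16, sha384_h0()):
        approx = frac_sqrt_bits_double(p)
        result.append((approx >> 32 == exact >> 32,
                       approx & 0xFFFFFFFF == exact & 0xFFFFFFFF))
    return result


if __name__ == "__main__":
    for h384, h224, (hi_ok, lo_ok) in zip(sha384_h0(), sha224_h0(),
                                          compare_double()):
        print(f"sha384 {h384:016x}  sha224 {h224:08x}  "
              f"double: high ok={hi_ok}, low ok={lo_ok}")
```
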
