Out of pure curiosity -
I have recently been told that all existing/used protocols had been
designed without taking into account the eventual need to adapt to new
hash lengths. How true is that? It seems to be a topic of concern for
some people since all commonly used hashes have been broken last year.
I'm wondering if TLS really falls into that category of "all
existing/used protocols"...
Jason Resch wrote:
A new standard is currently under development (Do a search on: FIPS
186-3) which specifies the use of longer length hashes, including
SHA-224, SHA-256, SHA-384, and SHA-512 as a hash function, therefore q
would be of size 224, 256, 384, and 512 bits respectively. The
signature sizes would be double the size of q for each case.
To have a signature length of 192 bits would require q be 192/2 or 96
bits long. This is considerably smaller than the length of even MD5
hashes, and therefore would not provide a great deal of security.
Jason
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
--
Alain Damiral,
I hope this message makes me look like a very intelligent person
Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be