On Fri, May 27, 2011 at 1:51 PM, Michael Chen <[email protected]> wrote: > Hi, > > In the base-13 draft section 10.1, it mandates the support of SHA1 and > SHA256 self-signed digest for generating NodeId. However, in the same > section, it also defines the "node-id-length" to be no more than 160 > bits (SHA1). This means if SHA256 is used, the NodeId will be truncated > to 160 bit or less. > > Why mandate a crippled SHA256 that offers no added strength than SHA1?
I don't believe this is true. There is ample evidence that SHA-1 is substantially weaker than its output length, whereas a truncated SHA-256 is quite possibly (likely?) stronger. -Ekr _______________________________________________ P2PSIP mailing list [email protected] https://www.ietf.org/mailman/listinfo/p2psip
