Hi,
while implementing federation for the C++ server, I realized that wave uses
SHA256 for the rolling hash and then keeps only the first 20 bit.
----------------------------------------------------------------------
/**
* Utility class for creating Hashed Versions with Crypto dependencies, this
is intented
* for "full" i.e. not lightweight implementations.
*/
public class HashedVersionFactoryImpl extends HashedVersionZeroFactoryImpl {
/** The first N bits of a SHA-256 hash are stored in the hash must be <=
256 */
private static final int HASH_SIZE_BITS = 160;
----------------------------------------------------------------------------
Why? In this case you could have used SHA1 in the first place. Is there any
attack vector against SHA1 that cannot be used against
SHA256_crippled_to_160 ?
Or is this an attempt to save 96 bits? In this case better drop XMPP and
donate some of the saved bits to SHA256 :-)
Torben
--
You received this message because you are subscribed to the Google Groups "Wave
Protocol" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/wave-protocol?hl=en.
