Hi Torben, In discussion with our security folks, we felt that SHA-256 was more secure. Of course there's a trade-off to be made about hash size as well as choice of hashing algorithm.
The improved security of SHA-256 doesn't (only) come from its increased output size. A truncated SHA-256 benefits from the enhanced compression function used in the SHA-2 family of hash functions. thanks, Jochen On Wed, Feb 3, 2010 at 6:46 AM, Torben Weis <[email protected]> wrote: > Hi, > while implementing federation for the C++ server, I realized that wave uses > SHA256 for the rolling hash and then keeps only the first 20 bit. > ---------------------------------------------------------------------- > > /** > > * Utility class for creating Hashed Versions with Crypto dependencies, this > is intented > > * for "full" i.e. not lightweight implementations. > > */ > > public class HashedVersionFactoryImpl extends HashedVersionZeroFactoryImpl { > > /** The first N bits of a SHA-256 hash are stored in the hash must be <= > 256 */ > > private static final int HASH_SIZE_BITS = 160; > > ---------------------------------------------------------------------------- > > Why? In this case you could have used SHA1 in the first place. Is there any > attack vector against SHA1 that cannot be used against > SHA256_crippled_to_160 ? > Or is this an attempt to save 96 bits? In this case better drop XMPP and > donate some of the saved bits to SHA256 :-) > Torben > > -- > You received this message because you are subscribed to the Google Groups > "Wave Protocol" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/wave-protocol?hl=en. > -- You received this message because you are subscribed to the Google Groups "Wave Protocol" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/wave-protocol?hl=en.
