
RE: AES with SHA-2



Well, the RFC does recommend that HMACs be truncated, so I wouldn't say that
the only advantage of sha-2 over sha-1 is the longer output. However, sha-1
does seem to be strong enough at present. As I have pointed out before,
people sometimes get too hung up on matching other algorithms to the
strength of AES. It's okay to use AES just for the added speed and not for
the (presumed) added security.

Andrew
-------------------------------------------
Upon closer inspection, I saw that the line
dividing black from white was in fact a shade
of grey. As I drew nearer still, the grey area
grew larger. And then I was enlightened.


> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of
> joern@dfintra.f-secure.com
> Sent: Tuesday, September 25, 2001 5:17 PM
> To: ipsec@lists.tislabs.com
> Subject: Re: AES with SHA-2
>
>
> At 15:15 25.09.2001 -0400, you wrote:
>
>  >Hi all
>  >
>  >
>  >
>  > I wonder what the consensus is on using SHA-2 with AES for
>  > ESP. Are you all implementing such a transform? Do you plan to?
>  >
>  >
>  >
>  >Thanks!
>  >
>  >
>  >
>  >Josh Shaul
>
> No, we're not. What's the point of using sha-2 in ESP anyway?
> We are using a truncated (96 bits) output of sha-1 or md5 today.
> Using sha-2-96 would be utterly pointless, because the only
> advantage of sha-2 over sha-1 is the longer output.
>
> Before you plan anything, you should wonder how many bits you want.
> More than 96 bits, apparently. But how much more? Then, wouldn't
> sha-1-128 or sha-1-160 be enough for you?
>
> I'm happy with 96 bits.....
>
> Jörn Sierwald
>
>
>
>
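
Added example, not part of the original thread: the truncated-HMAC variants named in the messages above (md5-96, sha-1-96, sha-1-128, sha-1-160, sha-2-96), computed side by side and checked against the output-length recommendation in RFC 2104 section 5. It assumes SHA-256 stands in for "sha-2", and uses the published RFC 2202 test key and data as constructed input rather than real ESP traffic.

```python
import hashlib
import hmac

def truncated_hmac(key, msg, hash_name, bits):
    """Leftmost `bits` bits of HMAC-<hash_name>(key, msg) (RFC 2104 truncation)."""
    full = hmac.new(key, msg, hash_name).digest()
    if bits % 8 or not 0 < bits <= len(full) * 8:
        raise ValueError("bits must be a multiple of 8 within the hash output size")
    return full[: bits // 8]

def meets_rfc2104_floor(hash_name, bits):
    """RFC 2104 sec. 5: t not less than half the hash output and not less than 80 bits."""
    hash_bits = hashlib.new(hash_name).digest_size * 8
    return bits >= 80 and bits >= hash_bits // 2

def verify(key, msg, tag, hash_name, bits):
    """Receiver side: recompute the truncated tag, then compare in constant time."""
    if len(tag) != bits // 8:
        return False
    return hmac.compare_digest(truncated_hmac(key, msg, hash_name, bits), tag)

# Constructed sample input: key and data from RFC 2202 test case 1, not real ESP traffic.
KEY = b"\x0b" * 20
DATA = b"Hi There"

# Variants named in the thread as (hash, tag length in bits).
# Assumption: "sha-2" is taken to mean SHA-256 here.
TRANSFORMS = [("md5", 96), ("sha1", 96), ("sha1", 128), ("sha1", 160), ("sha256", 96)]

def survey():
    """Return (label, hex tag, meets RFC 2104 floor) for each variant."""
    rows = []
    for name, bits in TRANSFORMS:
        tag = truncated_hmac(KEY, DATA, name, bits)
        rows.append((f"{name}-{bits}", tag.hex(), meets_rfc2104_floor(name, bits)))
    return rows

if __name__ == "__main__":
    for label, tag, ok in survey():
        print(f"{label:11} tag={tag}  rfc2104_floor={'ok' if ok else 'below'}")
    tag = truncated_hmac(KEY, DATA, "sha1", 96)
    tampered = bytes([tag[0] ^ 1]) + tag[1:]
    print(verify(KEY, DATA, tag, "sha1", 96), verify(KEY, DATA, tampered, "sha1", 96))
```

A 96-bit tag occupies the same 12 bytes on the wire whichever hash produced it; of the variants listed, only the SHA-256 one truncated to 96 bits falls below the half-the-output-length guideline.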


