[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AES with SHA-2

To: <andrew.krywaniuk@alcatel.com>
Subject: Re: AES with SHA-2
From: "Perry E. Metzger" <perry@piermont.com>
Date: 02 Oct 2001 13:44:18 -0400
Cc: <joern@dfintra.f-secure.com>, <ipsec@lists.tislabs.com>
In-Reply-To: <002101c14ad1$14537a80$1e72788a@andrewk3.ca.newbridge.com>
References: <002101c14ad1$14537a80$1e72788a@andrewk3.ca.newbridge.com>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

"Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com> writes:
> Well, the RFC does recommend that HMACs be truncated, so I wouldn't say that
> the only advantage of sha-2 over sha-1 is the longer output.

Truncation can actually increase security against brute force attack
depending on how it is used. Mere use of truncation to the same number
of bits does not mean that SHA-1 is necessarily the same security as
the newer hashes.

Perry

References:

RE: AES with SHA-2

From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>

Prev by Date: RE: Notify SPI field specifications
Next by Date: I-D ACTION:draft-ietf-ipsec-ike-monitor-mib-03.txt
Prev by thread: RE: AES with SHA-2
Next by thread: RE: Notify SPI field specifications
Index(es):
- Main
- Thread