[147521] in cryptography@c2.net mail archive
Re: [Cryptography] Sha3
daemon@ATHENA.MIT.EDU (Jerry Leichter)
Sat Oct 5 16:58:53 2013
X-Original-To: cryptography@metzdowd.com
From: Jerry Leichter <leichter@lrw.com>
In-Reply-To: <1865515167-1380988454-cardhu_decombobulator_blackberry.rim.net-528560325-@b28.c9.bise6.blackberry>
Date: Sat, 5 Oct 2013 12:16:13 -0400
To: radix42@gmail.com
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Oct 5, 2013, at 11:54 AM, radix42@gmail.com wrote:
> Jerry Leichter wrote:
>> Currently we have SHA-128 and SHA-256, >but exactly why one should choose one or >the other has never been clear - SHA-256 is >somewhat more expensive, but I can't >think of any examples where SHA-128 >would be practical but SHA-256 would not. >In practice, when CPU is thought to be an >issue (rightly or wrongly), people have >gone with RC4 - standards be damned.
>
> SHA-224/256 (there is no SHA-128) use 32-bit words, SHA-384/512 uses 64-bit words. That difference is indeed a very big deal in embedded device applications. SHA-3 uses only 64-bit words, which will likely preclude it being used in most embedded devices for the foreseeable future.
Oops - acronym confusion between brain and keyboard. I meant to talk about AES-128 and AES-256.
-- Jerry
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
