[14869] in cryptography@c2.net mail archive
Re: origin of SHA 224 initial hash values
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Sun Dec 7 00:44:39 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Steven M. Bellovin" <smb@research.att.com>
To: "Jeroen C.van Gelderen" <jeroen@vangelderen.org>
Cc: Jeremiah Rogers <jeremiah@kingprimate.com>,
crypto list <cryptography@metzdowd.com>
In-Reply-To: Your message of "Sat, 06 Dec 2003 14:36:35 EST."
<80CA5A5D-2823-11D8-94A5-00039375644C@vangelderen.org>
Date: Sat, 06 Dec 2003 20:05:08 -0500
In message <80CA5A5D-2823-11D8-94A5-00039375644C@vangelderen.org>, "Jeroen C.va
n Gelderen" writes:
>
>On Dec 6, 2003, at 3:26, Jeremiah Rogers wrote:
>
>> I'm having trouble pinpointing the origin of the initial hash values
>> for SHA 224 and, for that matter, 128. These values are defined as hex
>> representations of cube roots of primes for sha-1 of lengths 256, 384
>> and 512, but I can't find where they were obtained for the shorter
>> lengths.
>>
>> Thanks and apologies if this is something well known.
>
>I'd like to second this request for clarification.
>
>I noted that 224 yields a security level identical to 2-key Triple DES.
>
>A quick Google search reveals that SHA-224 is mentioned a few times, in
> draft-ietf-pkix-rsa-pkalgs-01.txt
> draft-ietf-smime-cms-rsa-kem-01.txt
>among others.
You've nailed it -- that's precisely why SHA-224 is being defined, to
match 2-key 3DES.
There's another Internet draft that's likely of interest to this group:
'Determining Strengths For Public Keys Used For Exchanging Symmetric Keys '
<draft-orman-public-key-lengths-06.txt>. The draft is in IETF Last
Call until 2 January; please email any comments to iesg@ietf.org.
Wearing my IETF Security Area Director hat,
--Steve Bellovin, http://www.research.att.com/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
