IETF-SSH archive


Re: draft-harris-ssh-rsa-kex-02 and a possible future change



Ben Harris <bjh21%bjh21.me.uk@localhost> writes:

>I don't imagine that either of these will be controversial.

They are :-).  An SHA-2 discussion has just finished on the S/MIME list, where
the choice was MUST SHA-256, MAY the others.  The reason for this is that
SHA-512, being targeted at register-rich 64-bit CPUs, is horrible to implement
on the majority of current CPUs, which are neither register-rich (x86), nor
64-bit (any low-power embedded system).  In fact the hardware with 95% or
whatever of the market share (AMD/Intel x86) fails to meet both of these
requirements.

The other point is that there's no strong argument for -512 instead of -256.
The only reason for having it at all is to match large ECC and DLP field sizes
for DSA/ECC signatures, which is hardly a consideration in this case.

Peter.


