tech-userlevel archive


Re: Increasing FreeBSD compatibility in mtree



On Thu, Sep 27, 2012 at 07:47:34PM -0400, Mouse wrote:
> >> SHA384 is the same as SHA512 except that the initial state is
> >> different and 128 of the output bits are thrown away; [...]
> > Well, it's the same basic principle as SHA224: you might not have
> > space in your message format for the full hash, and it's nice to have
> > a method for truncating it which is blessed as safe.
> 
> Perhaps, if warm fuzzies (or being able to satisfy a tick-list) are
> what matter to you.
> 
> But, if just truncating SHA512 to N bits produces something
> substantially weaker than any other N-bit hash, then it seems to me
> that _necessarily_ indicates a weakness in SHA512....

I think the best short treatment of this is John Kelsey's:
        http://csrc.nist.gov/groups/ST/hash/documents/Kelsey_Truncation.pdf

Thor

