[prev in list] [next in list] [prev in thread] [next in thread]
List: ipsec
Subject: Re: AES with SHA-2
From: joern () dfintra ! f-secure ! com
Date: 2001-09-25 21:16:59
[Download RAW message or body]
At 15:15 25.09.2001 -0400, you wrote:
>Hi all&
>
>
>
> I wonder what the consensus is on using SHA-2 with AES for
> ESP. Are you all implementing such a transform? Do you plan to?
>
>
>
>Thanks!
>
>
>
>Josh Shaul
No, we're not. What's the point of using sha-2 in ESP anyway?
We are using a truncated (96 bits) output of sha-1 or md5 today.
Using sha-2-96 would be utterly pointless, because the only
advantage of sha-2 over sha-1 is the longer output.
Before you plan anything, you should wonder how many bits you want.
More than 96 bit, apparently. But how much more? Then, wouldn't
sha-1-128 or sha-1-160 be enough for you?
I'm happy with 96 bits.....
Jörn Sierwald
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic