tech-userlevel archive


Re: Increasing FreeBSD compatibility in mtree



On Thu, Sep 27, 2012 at 11:39:49AM -0400, Mouse wrote:
> > When I asked why we didn't have SHA384 the response I got was roughly
> > "because it's an abomination that should never have been created".
> 
> I'm not sure I'd go that far, but it is pretty silly.  SHA384 is the
> same as SHA512 except that the initial state is different and 128 of
> the output bits are thrown away; I have trouble imagining a
> circumstance under which anything that could use SHA512 would prefer to
> use SHA384 instead.  (Possibly excepting designer insanity. :)

Well, it's the same basic principle as SHA224: you might not have space
in your message format for the full hash, and it's nice to have a method
for truncating it which is blessed as safe.

Of course, one of the design goals of HMAC is to make it safe to truncate
hashes which otherwise might not be -- but HMAC is more computationally
expensive, and SHA256 or SHA512 are plenty expensive all on their own.

Thor

