origin of SHA 224 initial hash values
Jeroen C.van Gelderen
jeroen at vangelderen.org
Sat Dec 6 14:36:35 EST 2003
On Dec 6, 2003, at 3:26, Jeremiah Rogers wrote:
> I'm having trouble pinpointing the origin of the initial hash values
> for SHA 224 and, for that matter, 128. These values are defined as hex
> representations of cube roots of primes for sha-1 of lengths 256, 384
> and 512, but I can't find where they were obtained for the shorter
> lengths.
>
> Thanks and apologies if this is something well known.
I'd like to second this request for clarification.
I noted that 224 yields a security level identical to 2-key Triple DES.
A quick Google search reveals that SHA-224 is mentioned a few times, in
draft-ietf-pkix-rsa-pkalgs-01.txt
draft-ietf-smime-cms-rsa-kem-01.txt
among others.
A draft-ietf-pkix-sha224-00.txt is referenced but not yet available
from the IETF website.
* 80-bit security. The RSA key size SHOULD be at least 1024 bits,
the hash function underlying KDF2 SHOULD be SHA-1 or above, and
the symmetric key-wrapping scheme SHOULD be AES Key Wrap or
Triple-DES Key Wrap.
* 112-bit security. The RSA key size SHOULD be at least 2048
bits, the hash function underlying KDF2 SHOULD be SHA-224 or
above, and the symmetric key-wrapping scheme SHOULD be AES Key
Wrap or Triple-DES Key Wrap.
* 128-bit security. The RSA key size SHOULD be at least 3072
bits, the hash function underlying KDF2 SHOULD be SHA-256 or
above, and the symmetric key-wrapping scheme SHOULD be AES Key
Wrap.
-- draft-ietf-smime-cms-rsa-kem-01.txt, pg4
-J
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list