[Cryptography] SHA-3 FIPS-202: no SHAKE512 but SHAKE128; confusing SHAKE security
dj at deadhat.com
dj at deadhat.com
Wed Aug 12 19:55:55 EDT 2015
> addition: afaik nist at one point considered adding a remark that
> shakes are the preferred primitives. it is apparently missing from the
> final document. which i find unfortunate.
However in my experience so far, the shakes are the preferred primitives.
When you're getting a room of people in a standards group to first agree
on a minimum security strength (say O(2^128)) then to agree on a hash,
taking recent history into account and looking to the future deployments,
the shakes are the obvious choice and shake128 has already been adopted in
one standards body I'm involved in.
More information about the cryptography
mailing list