[Cryptography] SHA-3 FIPS-202: no SHAKE512 but SHAKE128; confusing SHAKE security

Krisztián Pintér pinterkr at gmail.com
Fri Aug 14 16:24:28 EDT 2015


ianG (at Friday, August 14, 2015, 9:15:06 PM):

> One of the things that has emerged in the last N years or so is that it
> is up to the protocol designer to present a good cipher suite that is 
> balanced.  Letting a user choose different algorithms has proven to be a
> bad idea -- the user doesn't know more than us, and to a pretty good 
> confidence level knows much less.  So to some extent we've leant on this
> idea that for a 128 bit strength we need a 256 bit hash, a 128 bit 
> cipher, etc etc as is now popularised by the Suite B list.


and the designer did

http://keccak.noekeon.org/tune.html

don't forget keccak > sha3. they have a lot of interesting stuff that
is not standardized. like one-pass authenticated encryption.


