algorithm 11 mistake mac

Robert J. Hansen rjh at
Wed Jul 8 00:10:07 CEST 2009

On Jul 7, 2009, at 6:02 PM, David Shaw wrote:
> Or are you asking if there is there a significant difference between  
> SHA-256 truncated to 224 bits and straight SHA-224 in terms of hash  
> strength?  If so, no, there really isn't.  SHA-224 in fact *is* a  
> truncated SHA-256 with a different initialization.

That's exactly what I was asking.  Speaking for myself, I think it's  
preferable to use SHA-256 over SHA-224, even in instances where 32  
bits of it are stripped -- mostly for interoperability reasons.  But  
other people's mileage may vary.

More information about the Gnupg-users mailing list