algorithm 11 mistake mac
Robert J. Hansen
rjh at sixdemonbag.org
Wed Jul 8 00:10:07 CEST 2009
On Jul 7, 2009, at 6:02 PM, David Shaw wrote:
> Or are you asking if there is there a significant difference between
> SHA-256 truncated to 224 bits and straight SHA-224 in terms of hash
> strength? If so, no, there really isn't. SHA-224 in fact *is* a
> truncated SHA-256 with a different initialization.
That's exactly what I was asking. Speaking for myself, I think it's
preferable to use SHA-256 over SHA-224, even in instances where 32
bits of it are stripped -- mostly for interoperability reasons. But
other people's mileage may vary.
More information about the Gnupg-users