algorithm 11 mistake mac

David Shaw dshaw at
Wed Jul 8 00:23:17 CEST 2009

On Jul 7, 2009, at 6:10 PM, Robert J. Hansen wrote:

> On Jul 7, 2009, at 6:02 PM, David Shaw wrote:
>> Or are you asking if there is there a significant difference  
>> between SHA-256 truncated to 224 bits and straight SHA-224 in terms  
>> of hash strength?  If so, no, there really isn't.  SHA-224 in fact  
>> *is* a truncated SHA-256 with a different initialization.
> That's exactly what I was asking.  Speaking for myself, I think it's  
> preferable to use SHA-256 over SHA-224, even in instances where 32  
> bits of it are stripped -- mostly for interoperability reasons.  But  
> other people's mileage may vary.

You need to use what makes you happy, I guess.  GPG doesn't care one  
way or the other, and this isn't one of those cases where doing the  
"wrong" thing will hurt you in a significant way.


More information about the Gnupg-users mailing list