Re: [pkcs11] Proposal: CKM_SHA512_224, CKM_SHA512_256, CKM_SHA512_T

[Andrey Jivsov <Andrey_Jivsov@symantec.com>]

On 08/07/2013 09:21 AM, Dina Kurktchi wrote:
> Do you mean "trunc(SHA-1(x), 24 bits)" is equivalent to "SHA-512/24(x)",
> or is equivalent to "trunc(SHA-512(x), 24 bits)"?  Which did you mean?

trunc(SHA-1(x), 24 bits) is equivalent in strength to trunc(SHA-512(x), 
24 bits) or SHA-512/24(x) (does it even exist?) in applications that 
don't depend on collision resistance due to the fact that there is no 
known vulnerability for SHA-1 in this narrow use.

KDFs and MACs fall into this category. So, if there is some standard that hard-wires SHA-1, say, for KDF, there is little incentive to change it.