Subject: Re: [pkcs11] Proposal: CKM_SHA512_224, CKM_SHA512_256, CKM_SHA512_T


On 8/5/2013 7:01 PM, Andrey Jivsov wrote:
> It would be odd to continue to see references in NIST documents in support of the 80 bit security.
>
> SHA-512/160 still has maximum security of 80 bits in digital signature applications (the collision resistance feature).
>
> From SP 800-131A:
>
>     With the publication of SP 800-57, Part 1 in 2005, NIST announced the intent to
>     transition from a minimum cryptographic security strength of 80 bits to a security
>     strength of 112 bits by the end of 2010.
>
> Then the doc says that NIST feels that the deadline can be extended till 2013. These extensions won't continue forever. In addition, they are more due to the widespread use of SHA-1. One would hope that if it's possible to add support for SHA-512/160, then it should be possible to add support for SHA-256.


There's some disconnect going on here. SHA1 has been deprecated/prohibited only for signatures; it's still permitted for general hashes, KDFs, PRFs and HMACs. So for the current document, it's perfectly acceptable to talk about 160 bit lengths.



