On 03/25/2010 09:38 AM, Niels Möller wrote:
When looking at the test vectors you provided, I noticed SHA-224 (specified in the update http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf and also RFC 3874). Is this also important, are there any protocols or application that specify its use? It's defined in terms of SHA256 in the same way as SHA384 is defined in terms of SHA512. To me, the SHA-2 family seems to have more members than are really useful.
you're not the only one to have that impression; i think the goal of 224 and 384 was to provide a standard way to do hash truncation if a protocol is trying to save room, but i don't really know.
OpenPGP defines sha-224 as part of its suite of message digests, so i think supporting it would be good. If you're concerned about size of the compiled library, maybe a configure flag could disable certain versions and avoid packaging their constants and configuration? i dunno if that'd be worth it.
Thanks for looking into this, Niels.
--dkg