Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> writes:
SHA3-224 section: I'd provide a reference to http://csrc.nist.gov/publications/drafts/fips-202/fips_202_draft.pdf, since it is now published.
I don't see any test vectors to verify but note that the document says: "The four SHA-3 hash functions differ slightly from the instances of KECCAK that were proposed for the SHA-3 competition [3]. In particular, two additional bits are appended to the messages, in order to distinguish the SHA-3 hash functions from the SHA-3 XOFs, and to facilitate the development of new variants of the SHA-3 functions that can be dedicated to individual application domains. The mechanism for achieving these goals is called domain separation".
This is going to get a bit messy. I think you mentioned changes earlier, but I haven't seen any details until now. If I understand this correctly, they append two bits 01 to the messages (see page 20). Not sure if there are any other changes, but that's sufficient to make it incompatible with the current implementation.
Some (not yet official) test vectors seem to be available at http://csrc.nist.gov/groups/ST/toolkit/examples.html#aHashing
Nettle changes should wait until the specification is final.
Camellia: I'd add "Camellia is one of the selected algorithms in the New European Schemes for Signatures, Integrity and Encryption (NESSIE) project". https://www.cosic.esat.kuleuven.be/nessie/deliverables/press_release_feb27.p...
Galois counter mode: (see Keyed hash functions... parenthesis doesn't close.
Thanks, I'll address that.
ChaCha-Poly1305: If you plan a release soon, I'd suggest not to include that yet. There is no document you can refer to and the latest draft document we have already differs from the implementation. (see http://tools.ietf.org/html/draft-nir-cfrg-chacha20-poly1305-02 )
I'd expect that the variant implemented in openssh is going to see some use. But maybe it's better to either leave chacha-poly1305 undocumented for now, or mark it clearly as experimental and not expected to stay compatible.
Traditional Nettle Soup: I never knew there was such a thing :)
This is the right time of the year to prepare that soup. It's pretty good.
On the other hand, I'm fairly sure there's *no* way to prepare anything edible from hogweed.
Regards, /Niels