On Sunday, April 24, 2016 at 9:38:20 PM UTC-4, Mouse wrote: > > 1. I think we all agree that we must have the FIPS-202 compliant SHA-3. >
Yeah, we've got that one marked as DEPRECATED. That will be changed at next major or minor bump. We also need to change the name of the algorithm. In FIPS 202, the name is "SHA3-224", "SHA3-256", etc. We are currently returning "SHA-3-224" and friends. > 2. Since SHA-3 does not provide the same security properties as the > original Keccak, I think we must keep Keccak implementation available for > those who (for whatever reason) are not satisfied by the properties of > SHA-3. Regarding Keccak versions, I agree that in the long term we > could/should talk to the Keccak developers (off-hand I don’t know if we > want to support multiple versions of Keccak, nor wether it would make > sense, nor whether anybody really needs that). For now we can keep whatever > we got. > Yeah, I think the folks who depend on _current_ SHA3 behavior will be able to turn to our upcoming Keccak. As far as versions, I talked with David over at Bouncy Castle. They are providing Version 3 as updated for NIST's Round 3. I don't know what Jack Lloyd is doing at Botan, but I can ping him. I think it would be prudent if we aligned with BC and/or Botan. Jeff -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
