Nikos Mavrogiannopoulos <n.mavrogiannopou...@gmail.com> writes:

> SHA3-224 section: I'd provide a reference to
> http://csrc.nist.gov/publications/drafts/fips-202/fips_202_draft.pdf,
> since it is now published.
>
> I don't see any test vectors to verify but note that the document
> says: "The four SHA-3 hash functions differ slightly from the
> instances of KECCAK that were proposed for the SHA-3 competition [3].
> In particular, two additional bits are appended to the messages, in
> order to distinguish the SHA-3 hash functions from the SHA-3 XOFs, and
> to facilitate the development of new variants of the SHA-3 functions
> that can be dedicated to individual application domains. The mechanism
> for achieving these goals is called domain separation".

This is going to get a bit messy. I think you mentioned changes earlier,
but I haven't seen any details until now. If I understand this
correctly, they append two bits 01 to the messages (see page 20). Not
sure if there are any other changes, but that's sufficient to make it
incompatible with the current implementation.

Some (not yet official) test vectors seem to be available at
http://csrc.nist.gov/groups/ST/toolkit/examples.html#aHashing

Nettle changes should wait until the specification is final.

> Camellia: I'd add "Camellia is one of the selected algorithms in the
> New European Schemes for Signatures, Integrity and Encryption (NESSIE)
> project".
> https://www.cosic.esat.kuleuven.be/nessie/deliverables/press_release_feb27.pdf
>
> Galois counter mode: (see Keyed hash functions... parenthesis doesn't close.

Thanks, I'll address that.

> ChaCha-Poly1305: If you plan a release soon, I'd suggest not to
> include that yet. There is no document you can refer to and the latest
> draft document we have already differs from the implementation.
> (see http://tools.ietf.org/html/draft-nir-cfrg-chacha20-poly1305-02 )

I'd expect that the variant implemented in openssh is going to see some
use. But maybe it's better to either leave chacha-poly1305 undocumented
for now, or mark it clearly as experimental and not expected to stay
compatible.

> Traditional Nettle Soup: I never knew there was such a thing :)

This is the right time of the year to prepare that soup. It's pretty good.

On the other hand, I'm fairly sure there's *no* way to prepare anything
edible from hogweed.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
_______________________________________________
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs