Jerry Leichter wrote:
>Currently we have SHA-128 and SHA-256, >but exactly why one should choose one
>or >the other has never been clear - SHA-256 is >somewhat more expensive, but
>I can't >think of any examples where SHA-128 >would be practical but SHA-256
>would not. >In practice, when CPU is
tion for open source FIPS 180 code. This isn't the
country it described in social studies and civics class anymore, at all,
however once it may have lived up to that mythology.
Cheers,
David Mercer
David Mercer
Portland, OR
-Original Message-
From: Ray Dillinger
Sender: cryp
Ok, I dug around my email archives to see what the heck to google, and answered
my own question regarding ITAR and NIST defined Suite B implementing software.
Here it goes
>From http://www.nsa.gov/ia/programs/suiteb_cryptography/
...Says, effectively, that products that 'are configure to USE
Fare wrote:
>Or once again, maybe a general problem solver given the specification
>of some cryptographic function satisfying some properties could
>automatically find a robust enough algorithm, and then it's impossible
>to either restrict its export or patent. Now, if each time your solver
>is its
--Alexander Kilmov wrote:
>--David Mercer wrote:
>> 2) Is anyone aware of ITAR changes for SHA hashes in recent years
>> that require more than the requisite notification email to NSA for
>> download URL and authorship information? Figuring this one out last
>> time around took lttts
Ok, skip this one if you aren't an active crypto library maintainer. I'm
updating a hash library from FIPS 180-2 to 180-4 compliance and this list is
the place I know where somebody might know the answers to all the following
questions without my spending days tracking down the answers.
Please
Phillip Hallam-Baker wrote:
>One hypothesis that I would like to throw >out is that there is no point in
>accepting >encrypted email from someone who does >not have a key to encrypt
>the response.
I'd agree, as I was in just this position in the last week or so: I got a gpg
encryped email from
Iang wrote:
>Why do we need the 1980s assumption of >being able to send freely to
>everyone, anyway?
tech.supp...@i.bought.your.busted.thing.com is one that comes to mind.
i...@sale.me.your.thing.com is another. I think the types of "prior whitelist
only" secure systems being discussed on-list
