On Fri, Sep 02, 2016 at 01:29:28PM +0000, Blumenthal, Uri - 0553 - MITLL wrote: > Speaking of PRF hash, I want to bring up the fact that‎ SHA-3 is a > better PRF by design, as that was one of the explicitly stated > competition requirements (unlike MD*, SHA-1, and SHA-2).
Well, the name "prf-hash" comes from SSLv3-TLS 1.2 days, before it was noticed that you need collision resistance too, which is much stronger requirement than being a good prf (in constructions like HMAC or HKDF). -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls