The US government's custodian of cryptography standards has released two proposed changes to the SHA-2 hashing algorithm that are designed to boost performance on 64-bit systems. The tweaks, published this week (PDF) by the National Institute of Standards and Technology, would update the 512-bit version of SHA-2, which was …
"... would reduce ... the performance requirements, ... by truncating the output."
Umm, back in the old days, web browsers developed in the US received export permission by taking 128-bit SSL and using only the 40 least significant bits, weakening the crypto considerably.
How is this any different?
By a factor of 3.2
The idea isn't to use SHA-512/256 instead of SHA-512: it's to use it instead of SHA-256. So it's replacing one 256-bit hash with another 256-bit hash. Completely different scenario to replacing a 128-bit cipher with a 40-bit one.
Generating rainbow tables for this would take less time!