I suggest that SHA224 does not qualify as "SHA256 or better". Truncating any hash should not be considered equivalent or better. Reductio ad absurdum: truncate to 128 bits, 16 bits, 8 bits, or 1 bit. On Mon, 2021-03-29 at 08:15 +0000, Theallredman via Python-Dev wrote:
No need to be condescending. Trust me when I say I know the bit length relates to the collision resistance. Also trust me when I say there are other dimensions upon which to consider one hash algo over another other then just collision resistance such as, power consumption, execution time, whether or not the algorithm suffers from length extension attacks.
I'm assuming the reason MD5 and SHA1 were both disallowed were because they have been proven to have a collision resistance less then 1/2 their bit length. But this is not the case for SHA224. It is just a truncated version of SHA256 and thus the underlying algorithm is just as strong as SHA256 except that you can expect to find a collision in about 16 bits of work less.
So going back to my actual question SHA224 is disallowed in record files because it's bit length is less then 256? _______________________________________________ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-leave@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/NKMWTOLR... Code of Conduct: http://python.org/psf/codeofconduct/