[noise] Hash len > cipher len in tls1.2

Jason A. Donenfeld Jason at zx2c4.com
Fri Mar 4 04:47:43 PST 2016

Hi guys,

I haven't looked in depth into the details, but recently while doing some
menial sysadmin labor, I noticed that TLS1.2 cipher suites always have a
hash length bigger than the cipher key length. AES128 uses SHA256 and
AES256 uses SHA384. I was wondering if we should consider the same thing
here for Noise. Namely, suggesting Blake2b over Blake2s, since ChaCha is
256 bits. Or does it not matter, and TLS1.2 has done this for very
particular reasons?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20160304/2c74f582/attachment.html>

More information about the Noise mailing list