[openssl-dev] Circumstances cause CBC often to be preferred over GCM modes

Kurt Roeckx kurt at roeckx.be
Tue Dec 16 19:46:35 UTC 2014


On Tue, Dec 16, 2014 at 06:56:14PM +0000, Viktor Dukhovni wrote:
> And the browsers should implement SHA-384, and why the hell are we
> using SHA-384 with AES256-GCM instead of SHA-256 anyway?  Surely
> the SHA256 HMAC construction has adequate strength in this context?

With GCM the collision resistance is important and SHA-256
only provides a 128-bit strength for that.


Kurt


