From: Matt Borland (matt_at_[hidden])
Date: 2024-12-12 20:34:41

• Next message: Ruben Perez: "Re: [hash2] Formal Review Begins"
• Previous message: Peter Dimov: "Re: [hash2] Formal Review Begins"
• In reply to: Peter Dimov: "Re: [hash2] Formal Review Begins"
• Next in thread: Ruben Perez: "Re: [hash2] Formal Review Begins"
• Reply: Ruben Perez: "Re: [hash2] Formal Review Begins"

> The actual SHA256 implementation in OpenSSL has been looked at much
> more than the one in Hash2 at this point, but the Hash2 code is easy to
> inspect and verify because it follows the reference implementation
> very closely at the moment (although this might change if we add SHA-NI
> optimizations in the future.)

OpenSSL's SHA implementations (SHS and SHA3) are also certified under FIPS 140-2 [1] if this is a relevant property for your users Reuben.

Matt

[1] https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4282

• application/pgp-keys attachment: publickey_-_matt_mattborland.com_-_0xC1382EAD.asc

• application/pgp-signature attachment: OpenPGP digital signature

• Next message: Ruben Perez: "Re: [hash2] Formal Review Begins"
• Previous message: Peter Dimov: "Re: [hash2] Formal Review Begins"
• In reply to: Peter Dimov: "Re: [hash2] Formal Review Begins"
• Next in thread: Ruben Perez: "Re: [hash2] Formal Review Begins"
• Reply: Ruben Perez: "Re: [hash2] Formal Review Begins"