Is there an algorithm that computes the strength of a digest alg?
Bruce Rich
brich at us.ibm.com
Mon Oct 24 15:34:44 UTC 2011
For the algorithms that NIST recognizes and approves, the doc linked below
has some strength comparisons in tables near page 60
http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
Bruce A Rich
brich at-sign us dot ibm dot com
From: Bradford Wetmore <bradford.wetmore at oracle.com>
To: Weijun Wang <weijun.wang at oracle.com>
Cc: "Xuelei.Fan at oracle.com" <Xuelei.Fan at oracle.com>, OpenJDK
<security-dev at openjdk.java.net>
Date: 10/23/2011 10:47 PM
Subject: Re: Is there an algorithm that computes the strength of a
digest alg?
Sent by: security-dev-bounces at openjdk.java.net
I don't know of anything like that. As Michael points out, key Lengths
by themselves are not always a good indicator of relative stength.
BTW, JSSE hard-codes the choices.
Brad
On 10/23/2011 6:52 PM, Weijun Wang wrote:
> Hi Andrew
>
> I need a method
>
> boolean isWeakerThan(String a1, String a2)
>
> so that isWeakerThan("MD5", "SHA1") returns true and
> isWeakerThan("SHA-256", "SHA1") returns false. I know you have done a
> lot of constraints works in JDK 7. Do you have an existing one?
> Otherwise, I plan to manually assign a value to each known algorithm and
> compare it.
>
> Thanks
> Max
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20111024/62ddac0a/attachment.htm>
More information about the security-dev
mailing list