Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Why SHA384? #155

Closed
rugk opened this issue Nov 10, 2016 · 2 comments

Comments

@rugk
Copy link

@rugk rugk commented Nov 10, 2016

Why not other hashing algorithms? (SHA-256 or SHA-512) What is the rationale behind it?

Do not all browsers support SHA-512 or SHA-256 e.g.?

I am asking this also, because I have no idea about the browser support and some statistics would be helpful for PrivateBin/PrivateBin#123.

@fmarier

This comment has been minimized.

Copy link
Contributor

@fmarier fmarier commented Nov 10, 2016

Why not other hashing algorithms? (SHA-256 or SHA-512) What is the rationale behind it?

We only use a single algorithm because that's all you need (the browser only looks at the strongest one) and it makes the HTML shorter. As for why we chose SHA384, see w3c/webappsec#477.

Do not all browsers support SHA-512 or SHA-256 e.g.?

They all do, it's required by the spec. The support for multiple hashes is in the spec for backward-compatibility once we introduce new hash algorithms (e.g. SHA3).

I hope this helps.

@fmarier fmarier closed this Nov 10, 2016
@rugk

This comment has been minimized.

Copy link
Author

@rugk rugk commented Nov 10, 2016

Yes, this helps indeed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.