Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:72168
Return-Path: <yohgaki@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 16386 invoked from network); 4 Feb 2014 04:30:51 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 4 Feb 2014 04:30:51 -0000
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.217.182 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@gmail.com
X-Host-Fingerprint: 209.85.217.182 mail-lb0-f182.google.com  
Received: from [209.85.217.182] ([209.85.217.182:40579] helo=mail-lb0-f182.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 77/21-09069-AFC60F25 for <internals@lists.php.net>; Mon, 03 Feb 2014 23:30:50 -0500
Received: by mail-lb0-f182.google.com with SMTP id w7so6166387lbi.27
        for <internals@lists.php.net>; Mon, 03 Feb 2014 20:30:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc:content-type;
        bh=8B+oFVD2S9RPg0WHiWVd2h1It2WQMSTlofkjjOJpFEI=;
        b=IvfBQ426fhs/m+SydbEc8ebO98WIqpe2coc8oUuy7VU432gOq5xI2/I0GoQo695zOv
         K54cshKGR2QFsgqeKLwPQtoyKSAFgkz7svCrED0oKOP9OyOCazoeqcKfuvQXMt5i3jOG
         K3NGqEa2yMOBeW9Av7H0EnQ1E4Xm2DHKXiVFzEi5J5sjMjwA6TWYwpZdr6U9io7vuVrn
         2G63igSxf5E0cEEGyhZmtRE2eW1MLHpfAxif+llPe9I79jgb2CZfmaseWkqjq7oA4jC3
         zI/gsVDXdkdFu0At3RBWCrsjVutEqMFAHLBo+010/tj3jn2kjUKwxBGJeBRhnlUNkczI
         92xw==
X-Received: by 10.152.228.172 with SMTP id sj12mr4479493lac.32.1391488247248;
 Mon, 03 Feb 2014 20:30:47 -0800 (PST)
MIME-Version: 1.0
Sender: yohgaki@gmail.com
Received: by 10.112.199.37 with HTTP; Mon, 3 Feb 2014 20:30:06 -0800 (PST)
In-Reply-To: <CAGa2bXZhT_8-BEjLuA4EPkZmxtpO1onz7AGTjCE-w85XC5pwdQ@mail.gmail.com>
References: <9E3AA302-1EC1-4497-996F-716555CAAB64@rouvenwessling.de>
 <CAF+90c-32u=vVy4L4pB_OWGu2VmeUckxq8UW_AVJNC8iDtiWMQ@mail.gmail.com>
 <52F0139C.2060102@sugarcrm.com> <CAGa2bXZhT_8-BEjLuA4EPkZmxtpO1onz7AGTjCE-w85XC5pwdQ@mail.gmail.com>
Date: Tue, 4 Feb 2014 13:30:06 +0900
X-Google-Sender-Auth: tVtg1cfB233VOv5x4ieeW3ZgFeo
Message-ID: <CAGa2bXZ5HnwFCFSxv9+Vgp9ssLZiEtC-q-4bFWUDr9T8T_w5_w@mail.gmail.com>
To: Stas Malyshev <smalyshev@sugarcrm.com>
Cc: Nikita Popov <nikita.ppv@gmail.com>, =?UTF-8?Q?Rouven_We=C3=9Fling?= <me@rouvenwessling.de>, 
	PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a113436f0afbce104f18d1a36
Subject: Re: [PHP-DEV] [VOTE] Timing attack safe string comparison function
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

--001a113436f0afbce104f18d1a36
Content-Type: text/plain; charset=UTF-8

Hi all,

On Tue, Feb 4, 2014 at 1:06 PM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:

> It's enough for hash functions up to 1024 bits. For SHA-3, we may set
> larger minimum.


Just an additional note.
AFAIK, SHA-3 also has 512 bits maximum.
Since it has more bits internally, it may be extended.
There may be hash functions that have larger bits.
256 iterations would be long enough for many years.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

--001a113436f0afbce104f18d1a36--