Skip to content

Using sha256, sha512, ED25519ph or not #1147

Answered by jedisct1
Kleidukos asked this question in Q&A
Discussion options

You must be logged in to vote

Ed25519ph uses SHA-512 internally, but length extensions attacks are not relevant in this context.

It's perfectly fine to use. You can also pre-hash yourself with generichash() and sign the result with regular Ed25519.

The only critical thing here is to use a collision-resistant hash function. And there's no sign that SHA-2 is going to be broken anytime soon.

Replies: 1 comment 1 reply

Comment options

You must be logged in to vote
1 reply
@Kleidukos
Comment options

Answer selected by Kleidukos
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants
Converted from issue

This discussion was converted from issue #1147 on January 11, 2022 23:11.