Comment 4 for bug 1556666

Jason Gerard DeRose (jderose) wrote :

@Anders - ah, yeah, you're right. I've been so in the habit of always using SHA-384 as my go-to SHA2 hash that it's been a while since I've thought through when message length extension attacks matter.

I agree that in this scenario, there shouldn't be any particular advantage when it comes to SHA-512 vs. SHA-384.