by fdupress 489 days ago
The "keyed SHA-256" in key transparency's leaf_hash is ok in its current state, but limits future evolution (or presents a risk if that evolution is not done carefully): SHA-256 is subject to length extension.

I could not follow where the leaf_hash is used carefully enough to figure out exactly how dangerous this is in the broader context and taking future evolution into account. But it's clearly safe as it is used now because all expected inputs have the same length.