Mfcttrf

Pedaling at different gear ratios on flat terrain: what's the point?

Polynomial division: Is this trick obvious?

How to handle professionally if colleagues has referred his relative and asking to take easy while taking interview

Why doesn't Iron Man's action affect this person in Endgame?

Is it possible to pass a pointer to an operator as an argument like a pointer to a function?

Why use a retrograde orbit?

​Cuban​ ​Primes

Divisor Rich and Poor Numbers

Have there been any examples of re-usable rockets in the past?

Why is vowel phonology represented in a trapezoid instead of a square?

Why do academics prefer Mac/Linux?

Why are there five extra turns in tournament Magic?

Resistor Selection to retain same brightness in LED PWM circuit

Why is so much ransomware breakable?

Bash grep result from command whole line

SHAKE-128/256 or SHA3-256/512

refer string as a field API name

Cannot remove door knob -- totally inaccessible!

How was the blinking terminal cursor invented?

When did Britain learn about American independence?

Is Big Ben visible from the British museum?

Physically unpleasant work environment

What color to choose as "danger" if the main color of my app is red

multiline equation inside a matrix that is a part of multiline equation

SHAKE-128/256 or SHA3-256/512

Use case for extendable-output functions (XOF) such as SHAKE128/SHAKE256What are the practical differences between 256-bit, 192-bit, and 128-bit AES encryption?How secure would HMAC-SHA3 be?Should HMAC-SHA3 be preferred over H(C(k,M))?Crypto++ and SHA3Questions about SHA and SHAKESHA3 HMAC key paddingShake 128/256 Output Length RestrictionsStrength of Hash obtained by XOR of parts of SHA3Is it secure to hash an AES key?SHA3 hardware implementation

2

1

$begingroup$

Would it be better to use SHAKE-128/256 or SHA3-256/512? In what situation should I chose one over the other?

encryption sha-3

share|improve this question

edited 4 hours ago

Maarten Bodewes♦

56.6k681200

asked 6 hours ago

Alejandro MartinezAlejandro Martinez

112

New contributor

Alejandro Martinez is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

$endgroup$

add a comment | 

2

1

$begingroup$

Would it be better to use SHAKE-128/256 or SHA3-256/512? In what situation should I chose one over the other?

encryption sha-3

share|improve this question

edited 4 hours ago

Maarten Bodewes♦

56.6k681200

asked 6 hours ago

Alejandro MartinezAlejandro Martinez

112

New contributor

Alejandro Martinez is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

$endgroup$

add a comment | 

$begingroup$

Would it be better to use SHAKE-128/256 or SHA3-256/512? In what situation should I chose one over the other?

encryption sha-3

share|improve this question

edited 4 hours ago

Maarten Bodewes♦

56.6k681200

asked 6 hours ago

Alejandro MartinezAlejandro Martinez

112

New contributor

Alejandro Martinez is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

$endgroup$

share|improve this question

edited 4 hours ago

Maarten Bodewes♦

56.6k681200

asked 6 hours ago

Alejandro MartinezAlejandro Martinez

112

New contributor

Alejandro Martinez is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

edited 4 hours ago

Maarten Bodewes♦

56.6k681200

asked 6 hours ago

Alejandro MartinezAlejandro Martinez

112

New contributor

Alejandro Martinez is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

edited 4 hours ago

Maarten Bodewes♦

56.6k681200

edited 4 hours ago

Maarten Bodewes♦

56.6k681200

asked 6 hours ago

Alejandro MartinezAlejandro Martinez

112

New contributor

Alejandro Martinez is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 6 hours ago

Alejandro MartinezAlejandro Martinez

112

1 Answer
1

active

oldest

votes

6

$begingroup$

And in which case would it be more interesting to use one or another?

So SHA3-$n$ offers $n$ bits of security against preimage and second-preimage attacks and $n/2$ bits of security against collision attacks.
On the other side SHAKE-$n$ offers at $n$ bits of security against preimage and second-preimage attacks and also $n$ bits of security against collision attacks (assuming the digest is at least $2n$ bits long). So when to use which?

• When you are forced to use "an approved hash function", you use SHA3, because SHAKE doesn't qualify.


• When you need a really long hash output (or an XOF in general), you use SHAKE.


• When you really need more than 256 bits of security against preimage or second-preimage attacks you use SHA3.


• When you want to be compatible with more other systems, you probably want to use SHA3.


• When speed matters to you (and you still want to use SHA3 / SHAKE) and you are happy with an all-arond $n$-bit security level (for $nin128,256$), you use SHAKE.

This last point follows from the fact that the higher preimage resistance in SHA3 is paid for with lower rate (=number of new bits processed per internal permutation invocation) which is usually higher in SHAKE than in SHA3 (SHAKE256 has the same as SHA3-256).

share|improve this answer

answered 5 hours ago

SEJPM♦SEJPM

30k659142

$endgroup$

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "281"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

Alejandro Martinez is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f70565%2fshake-128-256-or-sha3-256-512%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

6

$begingroup$

And in which case would it be more interesting to use one or another?

So SHA3-$n$ offers $n$ bits of security against preimage and second-preimage attacks and $n/2$ bits of security against collision attacks.
On the other side SHAKE-$n$ offers at $n$ bits of security against preimage and second-preimage attacks and also $n$ bits of security against collision attacks (assuming the digest is at least $2n$ bits long). So when to use which?

• When you are forced to use "an approved hash function", you use SHA3, because SHAKE doesn't qualify.


• When you need a really long hash output (or an XOF in general), you use SHAKE.


• When you really need more than 256 bits of security against preimage or second-preimage attacks you use SHA3.


• When you want to be compatible with more other systems, you probably want to use SHA3.


• When speed matters to you (and you still want to use SHA3 / SHAKE) and you are happy with an all-arond $n$-bit security level (for $nin128,256$), you use SHAKE.

This last point follows from the fact that the higher preimage resistance in SHA3 is paid for with lower rate (=number of new bits processed per internal permutation invocation) which is usually higher in SHAKE than in SHA3 (SHAKE256 has the same as SHA3-256).

share|improve this answer

answered 5 hours ago

SEJPM♦SEJPM

30k659142

$endgroup$

add a comment | 

6

$begingroup$

And in which case would it be more interesting to use one or another?

So SHA3-$n$ offers $n$ bits of security against preimage and second-preimage attacks and $n/2$ bits of security against collision attacks.
On the other side SHAKE-$n$ offers at $n$ bits of security against preimage and second-preimage attacks and also $n$ bits of security against collision attacks (assuming the digest is at least $2n$ bits long). So when to use which?

• When you are forced to use "an approved hash function", you use SHA3, because SHAKE doesn't qualify.


• When you need a really long hash output (or an XOF in general), you use SHAKE.


• When you really need more than 256 bits of security against preimage or second-preimage attacks you use SHA3.


• When you want to be compatible with more other systems, you probably want to use SHA3.


• When speed matters to you (and you still want to use SHA3 / SHAKE) and you are happy with an all-arond $n$-bit security level (for $nin128,256$), you use SHAKE.

This last point follows from the fact that the higher preimage resistance in SHA3 is paid for with lower rate (=number of new bits processed per internal permutation invocation) which is usually higher in SHAKE than in SHA3 (SHAKE256 has the same as SHA3-256).

share|improve this answer

answered 5 hours ago

SEJPM♦SEJPM

30k659142

$endgroup$

add a comment | 

$begingroup$

And in which case would it be more interesting to use one or another?

So SHA3-$n$ offers $n$ bits of security against preimage and second-preimage attacks and $n/2$ bits of security against collision attacks.
On the other side SHAKE-$n$ offers at $n$ bits of security against preimage and second-preimage attacks and also $n$ bits of security against collision attacks (assuming the digest is at least $2n$ bits long). So when to use which?

• When you are forced to use "an approved hash function", you use SHA3, because SHAKE doesn't qualify.


• When you need a really long hash output (or an XOF in general), you use SHAKE.


• When you really need more than 256 bits of security against preimage or second-preimage attacks you use SHA3.


• When you want to be compatible with more other systems, you probably want to use SHA3.


• When speed matters to you (and you still want to use SHA3 / SHAKE) and you are happy with an all-arond $n$-bit security level (for $nin128,256$), you use SHAKE.

This last point follows from the fact that the higher preimage resistance in SHA3 is paid for with lower rate (=number of new bits processed per internal permutation invocation) which is usually higher in SHAKE than in SHA3 (SHAKE256 has the same as SHA3-256).

share|improve this answer

answered 5 hours ago

SEJPM♦SEJPM

30k659142

$endgroup$

share|improve this answer

answered 5 hours ago

SEJPM♦SEJPM

30k659142

answered 5 hours ago

SEJPM♦SEJPM

30k659142

answered 5 hours ago

SEJPM♦SEJPM

30k659142