Re: ASN.1 OID for TIGER/192

Jon Callas <> Mon, 07 October 2002 09:28 UTC

Received: from ( []) by (8.9.1a/8.9.1a) with ESMTP id FAA11329 for <>; Mon, 7 Oct 2002 05:28:51 -0400 (EDT)
Received: (from majordomo@localhost) by (8.11.6/8.11.3) id g979HeV14883 for ietf-openpgp-bks; Mon, 7 Oct 2002 02:17:40 -0700 (PDT)
Received: from ( []) by (8.11.6/8.11.3) with ESMTP id g979Hdv14879 for <>; Mon, 7 Oct 2002 02:17:39 -0700 (PDT)
Received: from [] ( by with ESMTP (Eudora Internet Mail Server 3.1.2) for <>; Sun, 6 Oct 2002 14:43:00 -0700
User-Agent: Microsoft-Entourage/
Date: Sun, 06 Oct 2002 14:43:02 -0700
Subject: Re: ASN.1 OID for TIGER/192
From: Jon Callas <>
To: OpenPGP <>
Message-ID: <>
In-Reply-To: <>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Precedence: bulk
List-Archive: <>
List-Unsubscribe: <>
List-ID: <>
Content-Transfer-Encoding: 7bit

I confess I am wondering why this is needed. Five years ago, we flirted with
Tiger and Haval because you need wider hashes for better signatures. 192
bits is a bit dodgy because it only gets you an effective strength of 96
bits (over 80 bits for SHA-1). Today, we have all the wide SHAs in the
suite, which balance with symmetric ciphers up to 256 bits of key size.
Adding in TIGER/192 now seems like too little, too late. In 1998, this would
have been great. In 2002 (pushing 2003), it's at best a yawn.

In short, here's a pragmatic question I have: if I were making a signature
today, and I thought that SHA-1 weren't big enough, why would I want to use
TIGER/192 over SHA-{256|384|512}?

Without a good answer to that question, I don't see why it should be there.
I'm even slightly sympathetic to people who think it and HAVAL should be
removed. They've both been overtaken by events.