Re: [openpgp] New fingerprint: which hash algo

"Robert J. Hansen" <rjh@sixdemonbag.org> Fri, 09 October 2015 17:14 UTC

Return-Path: <rjh@sixdemonbag.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12CA11B48CC for <openpgp@ietfa.amsl.com>; Fri, 9 Oct 2015 10:14:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y31RA8cSwrmS for <openpgp@ietfa.amsl.com>; Fri, 9 Oct 2015 10:14:07 -0700 (PDT)
Received: from shards.monkeyblade.net (shards.monkeyblade.net [IPv6:2001:4f8:3:36:211:85ff:fe63:a549]) by ietfa.amsl.com (Postfix) with ESMTP id 8786C1B48C8 for <openpgp@ietf.org>; Fri, 9 Oct 2015 10:14:07 -0700 (PDT)
Received: from [10.10.142.30] (wsip-70-167-255-237.dc.dc.cox.net [70.167.255.237]) (Authenticated sender: rjh-sixdemonbag) by shards.monkeyblade.net (Postfix) with ESMTPSA id 3C22D58C293 for <openpgp@ietf.org>; Fri, 9 Oct 2015 10:14:07 -0700 (PDT)
To: openpgp@ietf.org
References: <878u84zy4r.fsf@vigenere.g10code.de> <55FD7CF0.8030200@iang.org> <87io742kz7.fsf@latte.josefsson.org> <87mvw4ctv5.fsf_-_@vigenere.g10code.de> <CA+cU71n1OUq4TtmY+8S2yfu2bvjAr+=DwtN-4xRW4xitjDpFXg@mail.gmail.com> <20151006110330.38b38ea4@latte.josefsson.org> <5616F2AE.5050106@iang.org> <5617EF87.6020300@polimi.it>
From: "Robert J. Hansen" <rjh@sixdemonbag.org>
X-Enigmail-Draft-Status: N1110
Message-ID: <5617F5DB.6020808@sixdemonbag.org>
Date: Fri, 9 Oct 2015 13:14:03 -0400
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <5617EF87.6020300@polimi.it>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Fri, 09 Oct 2015 10:14:07 -0700 (PDT)
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/7z9BGMA8WyUUsm1hnxmxFt05f2o>
Subject: Re: [openpgp] New fingerprint: which hash algo
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Oct 2015 17:14:09 -0000

> Yep, and IMHO picking a hash function with a different inner structure
> from SHA-1, and designed to address the issue coming with it, such as
> SHA-3 may quite be a good idea.

I feel like a churl for observing this, but the history of
Merkle-Damgård hashes is really not very good.  MD4, MD5, SHA-0, SHA-1,
RIPEMD, and probably RIPEMD-160 and/or RIPEMD-128.

Some of this is because these are popular hash functions and as a result
have received the most cryptanalysis.  But part of me wonders if now
would not be an excellent time to introduce a non-Merkle-Damgård hash to
OpenPGP, in the hopes that maybe it will fare better.