Re: [openpgp] SHA3 algorithm ids.
Phillip Hallam-Baker <phill@hallambaker.com> Tue, 11 August 2015 14:16 UTC
On Tue, Aug 11, 2015 at 9:21 AM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:

> Phillip Hallam-Baker <phill@hallambaker.com> writes:
>
> >There is a very clear need for 512 bits and there is a case for 256 bits.
>
> What's the clear need for -512? By which I mean a demonstrated practical need
> for a hash size of 64 bytes, not a hypothesised need given an imaginary
> attack. I can see a need for SHA-256 (to replace SHA-1), but for something
> like SHA3-512 all I can see are downsides (compared to SHA2-256).

The CFRG replacement for ECDSA will almost certainly use the 512 bit wide pipe hash internally. Dan Bernstein put together a Perl script that shows every algorithm and every option.

If you are going to sign a 1Gb file then you are going to need multiple trips through the digest function. Now there is of course a good argument to be made for a faster 256 bit hash for the bulk digest on that 1Gb file. But you also need one or more digests of fixed bits of data internally.

So the practical upshot is that if we were to define an absolutely minimal cryptolib it would almost certainly include the 512 bit digest. The 256 bit is optional.

Constrained devices still exist. But the constraint on processing speed is easing up much more quickly than the constraint on code space and working memory.
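The point about internal digests, worked through as an added example that is not part of the original message: it takes Ed25519 as specified in RFC 8032 as the signature scheme (an assumption, the message names none) and counts the bytes that pass through SHA-512 when signing data directly versus signing its SHA-256 digest. The helper names (`h512`, `sha512_load`) are hypothetical, the hash-then-sign variant is not RFC 8032's Ed25519ph, and the arithmetic is not constant time.

```python
import hashlib
P = 2**255 - 19                                       # field prime
L = 2**252 + 27742317777372353535851937790883648493   # group order
D = -121665 * pow(121666, P - 2, P) % P               # curve constant d
SHA512_BYTES = [0]  # instrumentation: bytes fed to SHA-512 so far

def h512(data):
    SHA512_BYTES[0] += len(data)
    return hashlib.sha512(data).digest()

def add(a, b):  # point addition, extended coordinates (X, Y, Z, T)
    A = (a[1] - a[0]) * (b[1] - b[0]) % P
    B = (a[1] + a[0]) * (b[1] + b[0]) % P
    C, Z = 2 * a[3] * b[3] * D % P, 2 * a[2] * b[2] % P
    E, F, G, H = B - A, Z - C, Z + C, B + A
    return (E * F % P, G * H % P, F * G % P, E * H % P)

def mul(s, pt):  # double-and-add scalar multiplication
    q = (0, 1, 1, 0)
    while s:
        q = add(q, pt) if s & 1 else q
        pt, s = add(pt, pt), s >> 1
    return q

def compress(pt):
    zi = pow(pt[2], P - 2, P)
    x, y = pt[0] * zi % P, pt[1] * zi % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

_y = 4 * pow(5, P - 2, P) % P  # base point: y = 4/5, x is the even root
_x2 = (_y * _y - 1) * pow(D * _y * _y + 1, P - 2, P) % P
_x = pow(_x2, (P + 3) // 8, P)
_x = _x * pow(2, (P - 1) // 4, P) % P if (_x * _x - _x2) % P else _x
_x = P - _x if _x & 1 else _x
BASE = (_x, _y, 1, _x * _y % P)

def sign(seed, msg):  # returns (public key, signature)
    h = h512(seed)                                         # fixed 32-byte input
    a = (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254)
    pub = compress(mul(a, BASE))
    r = int.from_bytes(h512(h[32:] + msg), "little") % L   # pass 1 over msg
    R = compress(mul(r, BASE))
    k = int.from_bytes(h512(R + pub + msg), "little") % L  # pass 2 over msg
    return pub, R + ((r + k * a) % L).to_bytes(32, "little")

def sha512_load(seed, data, prehash):
    SHA512_BYTES[0] = 0
    sign(seed, hashlib.sha256(data).digest() if prehash else data)
    return SHA512_BYTES[0]
```

Signing n bytes directly pushes 128 + 2n bytes through SHA-512; signing the 32-byte SHA-256 digest instead leaves only 192 bytes of fixed-size SHA-512 input, with the bulk pass done by the 256-bit hash.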