Re: [openpgp] WWhy or why not SHA{2, 3}-512 (was: SHA3 algorithm ids)
Phillip Hallam-Baker <phill@hallambaker.com> Wed, 12 August 2015 20:05 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/GRlsKrpCtZ5Rf-wdhjQoo1wxEnA>

On Tue, Aug 11, 2015 at 11:47 AM, Werner Koch <wk@gnupg.org> wrote:

> On Tue, 11 Aug 2015 15:21, pgut001@cs.auckland.ac.nz said:
>
> > What's the clear need for -512? By which I mean a demonstrated practical need
> > for a hash size of 64 bytes, not a hypothesised need given an imaginary
> > attack. I can see a need for SHA-256 (to replace SHA-1), but for something
> > like SHA3-512 all I can see are downsides (compared to SHA2-256).
>
> One advantage of SHA-512 (SHA2) is that it is faster than SHA-256 on modern
> machines. Thus SHA-512 truncated to 256 might be an option. This would
> eventually allow to write a small application which uses SHA-512 as its
> only hash algorithm.

Yes, oddly enough, this is a case where the pressure seems to be behind 512 being the default strength. We definitely need 512 bits and adding 256 in addition seems like it's the thing to do.

While the CFRG crypto is going for the 512 bit hash internally, there is still a lot of ECDSA based stuff using the NIST curves and that expects the 256 bit digest.

I can't see any particular reason for any of the other key strengths.

Talking of constrained devices BTW, I'm just trying out the new Windows 10 on a Raspberry Pi 2. Of course it's going to have all the NIST curve generation ECC and we are likely 3 years off the point where the CFRG stuff is ubiquitous.