IETF Logo Mail Archive

Re: [openpgp] V5 Fingerprint again

Leo Gaspard <leo@gaspard.io> Thu, 02 March 2017 10:33 UTC

Return-Path: <leo@gaspard.io>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69C9F1294EA for <openpgp@ietfa.amsl.com>; Thu, 2 Mar 2017 02:33:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.236
X-Spam-Level:
X-Spam-Status: No, score=-1.236 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2EvUJdSpikke for <openpgp@ietfa.amsl.com>; Thu, 2 Mar 2017 02:33:49 -0800 (PST)
Received: from smtp.smtpout.orange.fr (smtp07.smtpout.orange.fr [80.12.242.129]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C0071294A8 for <openpgp@ietf.org>; Thu, 2 Mar 2017 02:33:49 -0800 (PST)
Received: from [0.0.0.0] ([91.121.91.176]) by mwinf5d42 with ME id qyZm1u00M3oJ4gz03yZm2g; Thu, 02 Mar 2017 11:33:47 +0100
X-ME-Helo: [0.0.0.0]
X-ME-Auth: bGVvLmdhc3BhcmRAd2FuYWRvby5mcg==
X-ME-Date: Thu, 02 Mar 2017 11:33:47 +0100
X-ME-IP: 91.121.91.176
To: openpgp@ietf.org
References: <20170302001227.2CE73E2040@mail2.ihtfp.org>
From: Leo Gaspard <leo@gaspard.io>
Message-ID: <e5504e15-7c76-d913-ce8e-0f888480cdce@gaspard.io>
Date: Thu, 02 Mar 2017 11:33:46 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1
MIME-Version: 1.0
In-Reply-To: <20170302001227.2CE73E2040@mail2.ihtfp.org>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="BpDWN7dxnNxtQ9NQnpV3c82MIG9woMudV"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/NhwPknNmpHsGEH2ksbAfmO0i9P4>
Subject: Re: [openpgp] V5 Fingerprint again
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Mar 2017 10:33:51 -0000

On 03/02/2017 01:12 AM, Derek Atkins wrote:
> Because the SHA3 competition showed us that SHA2 is a good hash...  and
> SHA2 is much faster than SHA3.

Not being a cryptographer I can't tell much about SHA2's security, but I
was told even if there is no flaw found at the moment in SHA2 the
construction it is based on (Merkle-Damgard) is the same as for MD5 and
SHA1 and has started to show some weaknesses, while SHA3 is based on the
sponge construction, which may be more secure.

As for the speed, if I read [1] correctly (which, granted, isn't a
given), SHA2 isn't "much faster" than SHA3, as keccak512 is faster than
sha256 while keccak1024 is slower than sha512 (for equivalent security).


[1] https://bench.cr.yp.to/results-sha3.html

v2.23.0 | Report a Bug | By Email