Re: [openpgp] SHA3 algorithm ids.
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 11 August 2015 16:23 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DF0F1ACCFF for <openpgp@ietfa.amsl.com>; Tue, 11 Aug 2015 09:23:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.778
X-Spam-Level:
X-Spam-Status: No, score=-0.778 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URI_HEX=1.122] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k_MXCQuluobs for <openpgp@ietfa.amsl.com>; Tue, 11 Aug 2015 09:23:02 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 9DAC51ACCFE for <openpgp@ietf.org>; Tue, 11 Aug 2015 09:22:59 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id A3BA4F984; Tue, 11 Aug 2015 12:22:57 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id D154A203F5; Tue, 11 Aug 2015 18:22:57 +0200 (CEST)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Phillip Hallam-Baker <phill@hallambaker.com>, Peter Gutmann <pgut001@cs.auckland.ac.nz>
In-Reply-To: <CAMm+LwifPNxyj1LLA-k+8K=mmEztS42E2kcEfGFObPc0R2xvMQ@mail.gmail.com>
References: <87y4hmi19i.fsf@vigenere.g10code.de> <7540C7A9-2830-4A63-8310-B684796DA279@nohats.ca> <55C681FC.9010100@iang.org> <sjma8tztbgo.fsf@securerf.ihtfp.org> <CAMm+Lwj7SxXTn+KD-eQSeZHwJB36tCgD1t0bodVsp3ovOaZ8mw@mail.gmail.com> <9A043F3CF02CD34C8E74AC1594475C73F4AD7C72@uxcn10-5.UoA.auckland.ac.nz> <CAMm+LwifPNxyj1LLA-k+8K=mmEztS42E2kcEfGFObPc0R2xvMQ@mail.gmail.com>
User-Agent: Notmuch/0.20.2 (http://notmuchmail.org) Emacs/24.5.1 (x86_64-pc-linux-gnu)
Date: Tue, 11 Aug 2015 12:22:57 -0400
Message-ID: <87fv3ppzfi.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/PFYcfSIe6nrnCspNmNx-ASsjbtg>
Cc: IETF OpenPGP <openpgp@ietf.org>, Derek Atkins <derek@ihtfp.com>, ianG <iang@iang.org>
Subject: Re: [openpgp] SHA3 algorithm ids.
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2015 16:23:03 -0000
On Tue 2015-08-11 10:16:43 -0400, Phillip Hallam-Baker wrote: > The CFRG replacement for ECDSA will almost certainly use the 512 bit wide > pipe hash internally. > > Dan Bernstein put together a Perl script that shows every algorithm and > every option. for those who haven't followed that process, djb's python script is here: http://ed25519.cr.yp.to/cfrg/signatures.py > If you are going to sign a 1Gb file then you are going to need > multiple trips through the digest function. Now there is of course a > good argument to be made for a faster 256 bit hash for the bulk digest > on that 1Gb file. (except when the 512-bit hash is faster for the bulk digest, see my earlier post in this thread) > Constrained devices still exist. But the constraint on processing speed is > easing up much more quickly than the constraint on code space and working > memory. The other constraints to consider are network bandwidth and permanent storage. But compared to the move from strong RSA to (any reasonable form of) ECC (e.g. the variable part of keys/signatures/PKESKs going from 2048 bits or more to 521 bits or less), the difference between a 256-bit hash and a 512-bit hash seems nearly lost in the noise. --dkg
- [openpgp] SHA3 algorithm ids. Werner Koch
- Re: [openpgp] SHA3 algorithm ids. Paul Wouters
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Christoph Anton Mitterer
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Werner Koch
- Re: [openpgp] SHA3 algorithm ids. Peter Gutmann
- Re: [openpgp] SHA3 algorithm ids. Christoph Anton Mitterer
- Re: [openpgp] SHA3 algorithm ids. Stephen Farrell
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Derek Atkins
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. Werner Koch
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Paul Wouters
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. Peter Gutmann
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- [openpgp] Why or why not SHA{2,3}-512 (was: SHA3 … Werner Koch
- [openpgp] WWhy or why not SHA{2,3}-512 (was: SHA3… Werner Koch
- Re: [openpgp] SHA3 algorithm ids. Werner Koch
- Re: [openpgp] SHA3 algorithm ids. Werner Koch
- Re: [openpgp] SHA3 algorithm ids. Daniel Kahn Gillmor
- Re: [openpgp] SHA3 algorithm ids. Daniel Kahn Gillmor
- Re: [openpgp] SHA3 algorithm ids. Peter Gutmann
- [openpgp] SHA-x performance (was: SHA3 algorithm … Werner Koch
- Re: [openpgp] SHA-x performance (was: SHA3 algori… Daniel Kahn Gillmor
- Re: [openpgp] SHA-x performance (was: SHA3 algori… Peter Gutmann
- Re: [openpgp] SHA-x performance (was: SHA3 algori… Dang, Quynh
- Re: [openpgp] SHA-x performance Werner Koch
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA-x performance Werner Koch
- Re: [openpgp] Why or why not SHA{2, 3}-512 (was: … Phillip Hallam-Baker
- Re: [openpgp] SHA-x performance Peter Gutmann
- Re: [openpgp] Why or why not SHA{2, 3}-512 Werner Koch
- Re: [openpgp] SHA-x performance ianG
- Re: [openpgp] SHA-x performance Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. Derek Atkins
- Re: [openpgp] SHA-x performance ianG
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA-x performance Bill Frantz
- Re: [openpgp] SHA-x performance Hilarie Orman
- Re: [openpgp] WWhy or why not SHA{2, 3}-512 (was:… Phillip Hallam-Baker
- Re: [openpgp] SHA-x performance NIIBE Yutaka
- Re: [openpgp] SHA3 algorithm ids. Derek Atkins
- Re: [openpgp] SHA-x performance Peter Gutmann
- Re: [openpgp] SHA3 algorithm ids. Bill Frantz
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Derek Atkins
- Re: [openpgp] SHA3 algorithm ids. Bill Frantz
- Re: [openpgp] SHA3 algorithm ids. Phillip Hallam-Baker
- Re: [openpgp] SHA3 algorithm ids. Peter Gutmann
- Re: [openpgp] SHA3 algorithm ids. Andrey Jivsov
- Re: [openpgp] SHA3 algorithm ids. ianG
- Re: [openpgp] SHA3 algorithm ids. Robert J. Hansen
- Re: [openpgp] SHA3 algorithm ids. Werner Koch