Re: [openpgp] SHA3 algorithm ids.

Derek Atkins <> Mon, 17 August 2015 05:23 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 1073D1A9171 for <>; Sun, 16 Aug 2015 22:23:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.749
X-Spam-Level: *
X-Spam-Status: No, score=1.749 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DATE_IN_PAST_12_24=1.049, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id eD7R4kMLhXBu for <>; Sun, 16 Aug 2015 22:23:14 -0700 (PDT)
Received: from ( [IPv6:2001:4830:143:1::3a11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 0A0261A8958 for <>; Sun, 16 Aug 2015 22:23:14 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2A379E2035; Mon, 17 Aug 2015 01:23:12 -0400 (EDT)
Received: from ([]) by localhost ( []) (amavisd-maia, port 10024) with ESMTP id 29917-02-3; Mon, 17 Aug 2015 01:23:10 -0400 (EDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "", Issuer "IHTFP Consulting Certification Authority" (verified OK)) by (Postfix) with ESMTPS id 4039AE2038; Mon, 17 Aug 2015 01:23:09 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=default; t=1439788989; bh=aapJBWr2pS+t6AIu6oL5EumaVKyPcoLN8jK27QkDXGc=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=Yk1bQGLsD4qaZglLekh3+euyg1I3qVFncehUqdR5l1xw7rCZNP/YXvn7Vrtqsigi2 mbAuVeEYIws/H2sNkOX1E/2pp4I43aK5qA9nqIWuViRxgKOZRW5RR1TJ9x23vxYr3w J+8zyM74qR73hp9/h5mIScieubAlI+50o/wO18Ek=
Received: (from warlord@localhost) by (8.14.8/8.14.8/Submit) id t7GFlvAx020300; Sun, 16 Aug 2015 11:47:57 -0400
From: Derek Atkins <>
To: Bill Frantz <>
References: <r422Ps-1075i-B91C7CA071994E60BDD35270ADD9854F@Williams-MacBook-Pro.local>
Date: Sun, 16 Aug 2015 11:47:57 -0400
In-Reply-To: <r422Ps-1075i-B91C7CA071994E60BDD35270ADD9854F@Williams-MacBook-Pro.local> (Bill Frantz's message of "Fri, 14 Aug 2015 11:19:42 -0700")
Message-ID: <>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <>
Cc: IETF OpenPGP <>, Phillip Hallam-Baker <>, Derek Atkins <>, ianG <>, Peter Gutmann <>
Subject: Re: [openpgp] SHA3 algorithm ids.
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 17 Aug 2015 05:23:15 -0000

Bill Frantz <> writes:

> On 8/13/15 at 6:32 AM, (Derek Atkins) wrote:
>>>Yes, these chips are not going away any time soon. The number of chips being
>>>made with 6502 based cores has increased every year since the 80s. But the
>>>problem with the chips isn't just that they are slow.
>>I'm not seeing 6502, but I am seeing a lot of 8051.
> I think in the IoT space, we will need to have signed software
> updates. I don't think there is much of an issue taking several
> seconds to verify an update signature, but these 8 bit processors seem
> like the right level of hardware for these IoT devices.

Yes, signed software is definitely one use case.  However, often on
these systems it's more than just authenticating a software update;
sometimes it might actually want to check the signature on every bootup
(to prevent an attack on the flash/firmware)!

I'll note that there are alternate algorithms that run much faster than
ECC (e.g. Algebraic Eraser can run in the tens of miliseconds instead of
the ones of seconds of ECC)!  However my real point is that we should
not ignore these platforms, and more specifically we should remember
that they might not have the power to run the same algorithms that work
fine on our x86-64 servers.

> Cheers - Bill

       Derek Atkins                 617-623-3745   
       Computer and Internet Security Consultant