Re: [openpgp] New fingerprint: which hash algo

"Daniel A. Nagy" <nagydani@epointsystem.org> Mon, 12 October 2015 12:46 UTC

Return-Path: <nagydani@epointsystem.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A73F01B2A44 for <openpgp@ietfa.amsl.com>; Mon, 12 Oct 2015 05:46:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9eXNdgsbgWWi for <openpgp@ietfa.amsl.com>; Mon, 12 Oct 2015 05:46:12 -0700 (PDT)
Received: from mail-wi0-f173.google.com (mail-wi0-f173.google.com [209.85.212.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3EC541AD0A5 for <openpgp@ietf.org>; Mon, 12 Oct 2015 05:46:12 -0700 (PDT)
Received: by wicge5 with SMTP id ge5so16109184wic.0 for <openpgp@ietf.org>; Mon, 12 Oct 2015 05:46:10 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-type :content-transfer-encoding; bh=NC7GM4wrsVMgdtR3XI/snQhudBnZ5B7Iuu5TkZK4wK8=; b=hrFyNzfHrh9vDj7wjaFgB9jven9BcnAIDH4COvk32Zp3zq8Qi7CHjt9QyW3CWh/JD3 JPa0YMT7VQpunZoTz7JCARz1oT7BeWKVUySVVnUxB9nSY+g4OrZFV61+KA7UfiNggSUm rrYojuBJtp4aybDp6W4O+uComcefzV9COCkdeDnM1MXs15oijiaBr17Q75TkyREx4kDA sgxAgpDAZbdksLm44EvD7Msa4vttiy4KyWDtoCG7Eht0P1geO8HS/JWTOsgJfjdTNUri HmwfNypvI5J4osHsgZo7TxZKdYqEUdLSn3p6iBhxaKBNQUQ2jtadESbFOLZ/yN6869Q4 ehNA==
X-Gm-Message-State: ALoCoQnlkgHg0eNDraNtB7flQTv+3IeF3Z/DSiInSO1xVEifgB1PFU7o8pH/16gm0ZTX4odyOYT9
X-Received: by 10.180.8.68 with SMTP id p4mr14685531wia.16.1444653970848; Mon, 12 Oct 2015 05:46:10 -0700 (PDT)
Received: from [192.168.120.120] (dhcp142.cs.elte.hu. [157.181.227.142]) by smtp.googlemail.com with ESMTPSA id az6sm10761114wib.12.2015.10.12.05.46.09 for <openpgp@ietf.org> (version=TLSv1/SSLv3 cipher=OTHER); Mon, 12 Oct 2015 05:46:09 -0700 (PDT)
To: openpgp@ietf.org
References: <878u84zy4r.fsf@vigenere.g10code.de> <55FD7CF0.8030200@iang.org> <87io742kz7.fsf@latte.josefsson.org> <87mvw4ctv5.fsf_-_@vigenere.g10code.de> <CA+cU71n1OUq4TtmY+8S2yfu2bvjAr+=DwtN-4xRW4xitjDpFXg@mail.gmail.com> <20151006110330.38b38ea4@latte.josefsson.org> <5616F2AE.5050106@iang.org>
From: "Daniel A. Nagy" <nagydani@epointsystem.org>
Message-ID: <561BAB91.8040104@epointsystem.org>
Date: Mon, 12 Oct 2015 14:46:09 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <5616F2AE.5050106@iang.org>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/WCO3gAIHBv02PqlpT6UMCtHGtkE>
Subject: Re: [openpgp] New fingerprint: which hash algo
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Oct 2015 12:46:15 -0000

Hello,

Now that SHA1 is on the brink of being broken, I believe that all
Merkle–Damgård hashes should be avoided in new designs. Keccak (SHA-3)
is just better in so many ways.

Daniel

On 2015-10-09 00:48, ianG wrote:
> On 6/10/2015 10:03 am, Simon Josefsson wrote:
>>> On 30 September 2015 at 01:18, Werner Koch <wk@gnupg.org>; wrote:
>>>> On Mon, 21 Sep 2015 11:13, simon@josefsson.org said:
>>>>
>>>>> Regarding which hash to use, SHA-256 is probably the simplest
>>>>> choice From a practicallity and consensus point of view.  Are
>>>>> there any strong reasons to favor something else?
>>>
>>> I have a small preference to see the fingerprint algorithm match what
>>> we believe the most popular signature (hash) algorithm will be. I've
>>> been working with a number of embedded folks and code size can often
>>> be a big concern. More Algorithms, More Code.
>>
>> My perception is that the most popular signature hash algorithms right
>> now are SHA-256 and SHA-512.
> 
> Err... A few minor quibbles here about the notions of cryptographic
> democracy:
> 
> 
> 1.  Popularity?  Why is that interesting?  Surely we can do a bit better
> than democracy or fashion or votes on cat pictures?
> 
> Engineering or planning, anyone?
> 
> 2.  The reason SHA-256 is the most popular these days is that, in the
> wake of the 2004 Shandong hashquake, we've made a stunning amount of
> progress in upgrading.  We've almost decided against SHA1 in
> certificates.  We're almost serious about it.  And now that freestart
> collisions are chewing it down to its last 4 bits, we might actually ...
> do it.
> 
> (Which is to say, popularity got us to a situation where *11* years
> after the shots were fired, and 15 years after the new version was
> delivered, we're still using lots and lots of SHA1.  We want to improve
> that with 15 year old tech?)
> 
> 3.  It's certainly a stunning indictment on algorithmic agility that
> SHA1 is still an issue, which is another process by which popularity
> makes its objective mark.
> 
> 
>> While SHA-256 and SHA-512 have somewhat
>> different characteristics on different platforms, I believe we are
>> approaching the limit of where a lot of additional comparisons are
>> worth the time and effort compared to just pick one of them.  I'm fine
>> with SHA-256 for the reasons that Werner presented.  Does someone
>> else want to promote another option?  Can we get closure on this?
>>
>> /Simon
> 
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp