Re: [openpgp] New fingerprint: which hash algo
"Daniel A. Nagy" <nagydani@epointsystem.org> Mon, 12 October 2015 12:46 UTC
Return-Path: <nagydani@epointsystem.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A73F01B2A44 for <openpgp@ietfa.amsl.com>; Mon, 12 Oct 2015 05:46:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9eXNdgsbgWWi for <openpgp@ietfa.amsl.com>; Mon, 12 Oct 2015 05:46:12 -0700 (PDT)
Received: from mail-wi0-f173.google.com (mail-wi0-f173.google.com [209.85.212.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3EC541AD0A5 for <openpgp@ietf.org>; Mon, 12 Oct 2015 05:46:12 -0700 (PDT)
Received: by wicge5 with SMTP id ge5so16109184wic.0 for <openpgp@ietf.org>; Mon, 12 Oct 2015 05:46:10 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-type :content-transfer-encoding; bh=NC7GM4wrsVMgdtR3XI/snQhudBnZ5B7Iuu5TkZK4wK8=; b=hrFyNzfHrh9vDj7wjaFgB9jven9BcnAIDH4COvk32Zp3zq8Qi7CHjt9QyW3CWh/JD3 JPa0YMT7VQpunZoTz7JCARz1oT7BeWKVUySVVnUxB9nSY+g4OrZFV61+KA7UfiNggSUm rrYojuBJtp4aybDp6W4O+uComcefzV9COCkdeDnM1MXs15oijiaBr17Q75TkyREx4kDA sgxAgpDAZbdksLm44EvD7Msa4vttiy4KyWDtoCG7Eht0P1geO8HS/JWTOsgJfjdTNUri HmwfNypvI5J4osHsgZo7TxZKdYqEUdLSn3p6iBhxaKBNQUQ2jtadESbFOLZ/yN6869Q4 ehNA==
X-Gm-Message-State: ALoCoQnlkgHg0eNDraNtB7flQTv+3IeF3Z/DSiInSO1xVEifgB1PFU7o8pH/16gm0ZTX4odyOYT9
X-Received: by 10.180.8.68 with SMTP id p4mr14685531wia.16.1444653970848; Mon, 12 Oct 2015 05:46:10 -0700 (PDT)
Received: from [192.168.120.120] (dhcp142.cs.elte.hu. [157.181.227.142]) by smtp.googlemail.com with ESMTPSA id az6sm10761114wib.12.2015.10.12.05.46.09 for <openpgp@ietf.org> (version=TLSv1/SSLv3 cipher=OTHER); Mon, 12 Oct 2015 05:46:09 -0700 (PDT)
To: openpgp@ietf.org
References: <878u84zy4r.fsf@vigenere.g10code.de> <55FD7CF0.8030200@iang.org> <87io742kz7.fsf@latte.josefsson.org> <87mvw4ctv5.fsf_-_@vigenere.g10code.de> <CA+cU71n1OUq4TtmY+8S2yfu2bvjAr+=DwtN-4xRW4xitjDpFXg@mail.gmail.com> <20151006110330.38b38ea4@latte.josefsson.org> <5616F2AE.5050106@iang.org>
From: "Daniel A. Nagy" <nagydani@epointsystem.org>
Message-ID: <561BAB91.8040104@epointsystem.org>
Date: Mon, 12 Oct 2015 14:46:09 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <5616F2AE.5050106@iang.org>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/WCO3gAIHBv02PqlpT6UMCtHGtkE>
Subject: Re: [openpgp] New fingerprint: which hash algo
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Oct 2015 12:46:15 -0000
Hello, Now that SHA1 is on the brink of being broken, I believe that all Merkle–Damgård hashes should be avoided in new designs. Keccak (SHA-3) is just better in so many ways. Daniel On 2015-10-09 00:48, ianG wrote: > On 6/10/2015 10:03 am, Simon Josefsson wrote: >>> On 30 September 2015 at 01:18, Werner Koch <wk@gnupg.org> wrote: >>>> On Mon, 21 Sep 2015 11:13, simon@josefsson.org said: >>>> >>>>> Regarding which hash to use, SHA-256 is probably the simplest >>>>> choice From a practicallity and consensus point of view. Are >>>>> there any strong reasons to favor something else? >>> >>> I have a small preference to see the fingerprint algorithm match what >>> we believe the most popular signature (hash) algorithm will be. I've >>> been working with a number of embedded folks and code size can often >>> be a big concern. More Algorithms, More Code. >> >> My perception is that the most popular signature hash algorithms right >> now are SHA-256 and SHA-512. > > Err... A few minor quibbles here about the notions of cryptographic > democracy: > > > 1. Popularity? Why is that interesting? Surely we can do a bit better > than democracy or fashion or votes on cat pictures? > > Engineering or planning, anyone? > > 2. The reason SHA-256 is the most popular these days is that, in the > wake of the 2004 Shandong hashquake, we've made a stunning amount of > progress in upgrading. We've almost decided against SHA1 in > certificates. We're almost serious about it. And now that freestart > collisions are chewing it down to its last 4 bits, we might actually ... > do it. > > (Which is to say, popularity got us to a situation where *11* years > after the shots were fired, and 15 years after the new version was > delivered, we're still using lots and lots of SHA1. We want to improve > that with 15 year old tech?) > > 3. It's certainly a stunning indictment on algorithmic agility that > SHA1 is still an issue, which is another process by which popularity > makes its objective mark. > > >> While SHA-256 and SHA-512 have somewhat >> different characteristics on different platforms, I believe we are >> approaching the limit of where a lot of additional comparisons are >> worth the time and effort compared to just pick one of them. I'm fine >> with SHA-256 for the reasons that Werner presented. Does someone >> else want to promote another option? Can we get closure on this? >> >> /Simon > > _______________________________________________ > openpgp mailing list > openpgp@ietf.org > https://www.ietf.org/mailman/listinfo/openpgp
- [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 vedaal
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 ianG
- Re: [openpgp] New fingerprint: to v5 or not to v5 Simon Josefsson
- Re: [openpgp] New fingerprint: to v5 or not to v5 Daniel Kahn Gillmor
- Re: [openpgp] New fingerprint: to v5 or not to v5 ianG
- Re: [openpgp] New fingerprint: to v5 or not to v5 Daniel A. Nagy
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: which hash algo (w… Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 Watson Ladd
- Re: [openpgp] New fingerprint: to v5 or not to v5 Phillip Hallam-Baker
- Re: [openpgp] New fingerprint: which hash algo (w… Tom Ritter
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 Mark D. Baushke
- Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
- Re: [openpgp] New fingerprint: to v5 or not to v5 ianG
- Re: [openpgp] New fingerprint: to v5 or not to v5 ianG
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: which hash algo (w… Simon Josefsson
- Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
- Re: [openpgp] New fingerprint: which hash algo ianG
- Re: [openpgp] New fingerprint: which hash algo vedaal
- Re: [openpgp] New fingerprint: which hash algo Steve Pointer
- Re: [openpgp] New fingerprint: which hash algo Alessandro Barenghi
- Re: [openpgp] New fingerprint: which hash algo Robert J. Hansen
- Re: [openpgp] New fingerprint: to v5 or not to v5 Daniel Kahn Gillmor
- Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
- Re: [openpgp] New fingerprint: to v5 or not to v5 Jonathan McDowell
- Re: [openpgp] New fingerprint: to v5 or not to v5 Nicholas Cole
- Re: [openpgp] New fingerprint: to v5 or not to v5 Vincent Breitmoser
- Re: [openpgp] New fingerprint: which hash algo Daniel A. Nagy
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
- Re: [openpgp] New fingerprint: to v5 or not to v5 Watson Ladd
- Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
- Re: [openpgp] New fingerprint: which hash algo Phillip Hallam-Baker
- Re: [openpgp] New fingerprint: which hash algo ianG
- Re: [openpgp] New fingerprint: which hash algo Daniel Kahn Gillmor
- Re: [openpgp] New fingerprint: which hash algo Phillip Hallam-Baker