Re: [openpgp] SHA3 algorithm ids.

ianG <iang@iang.org> Mon, 10 August 2015 03:02 UTC

Return-Path: <iang@iang.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DC711A8A94 for <openpgp@ietfa.amsl.com>; Sun, 9 Aug 2015 20:02:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nSn4YJMR8ROs for <openpgp@ietfa.amsl.com>; Sun, 9 Aug 2015 20:02:53 -0700 (PDT)
Received: from virulha.pair.com (virulha.pair.com [209.68.5.166]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE1081A8A91 for <openpgp@ietf.org>; Sun, 9 Aug 2015 20:02:53 -0700 (PDT)
Received: from tormenta.local (iang.org [209.197.106.187]) by virulha.pair.com (Postfix) with ESMTPSA id EF0836D72E; Sun, 9 Aug 2015 23:02:51 -0400 (EDT)
Message-ID: <55C8146E.1050302@iang.org>
Date: Mon, 10 Aug 2015 04:03:10 +0100
From: ianG <iang@iang.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: openpgp@ietf.org
References: <835832901.20150808225230@gmail.com> <55C68729.3050603@iang.org>
In-Reply-To: <55C68729.3050603@iang.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/WFdg66FxK9iFkaozIP0hnImKrU4>
Subject: Re: [openpgp] SHA3 algorithm ids.
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2015 03:02:56 -0000

On 8/08/2015 23:48 pm, ianG wrote:

> http://www.metzdowd.com/pipermail/cryptography/2015-August/026238.html

> From: Krisztián Pintér <pinterkr@gmail.com>;
...

> so to save the day, they added the SHAKE instances as a workaround.
> they are pretty much what SHA3 should have been. if you don't
> understand how a sponge works, you are very much free to use the SHA3
> instances. but if you want to do actual cryptography, you should
> choose the SHAKE's.


Which I think can be interpreted as suggestion to use SHAKE256, instead 
of the SHA3-xxx.

A potential advantage of that is that the algorithm expands, so we don't 
need to specify truncation any more.

Just call it with a range of set params for 'd':

keyId:         32
fingerprint:   100, 150
hash:          256.

(by way of example) Is there any known advantage of the smaller lengths 
being subsets of the larger?

iang