Re: [openpgp] Fingerprints and their collisions resistance

Werner Koch <wk@gnupg.org> Thu, 03 January 2013 22:57 UTC

From: Werner Koch <wk@gnupg.org>
To: Andrey Jivsov <openpgp@brainhub.org>
References: <50E530D6.6020609@brainhub.org> <D3684BB5-FDC6-4834-8FAE-C482A25E3FB0@callas.org> <50E5D6AA.6060200@brainhub.org>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=1E42B367; url=finger:wk@g10code.com
Date: Thu, 03 Jan 2013 23:54:33 +0100
In-Reply-To: <50E5D6AA.6060200@brainhub.org> (Andrey Jivsov's message of "Thu, 03 Jan 2013 11:06:18 -0800")
Message-ID: <874nixev2u.fsf@vigenere.g10code.de>
Cc: openpgp@ietf.org, Jon Callas <jon@callas.org>
Subject: Re: [openpgp] Fingerprints and their collisions resistance

On Thu,  3 Jan 2013 20:06, openpgp@brainhub.org said:

> AES or for regulatory reasons. 3 AES sizes exist for performance
> reasons.

I'd say for marketing reasons. 

> export/import control of encryption). Fingerprints are special data
> structures because they are sometimes input by humans.

Well, humans compare fingerprints but don't enter them.  I doubt that I
ever did this in the last 20 years.

> Let's say we choose SHA-3-384, which is no more difficult to implement
> than SHA-2. We then simply use the current fingerprint algorithm but

Except that SHA-2 is already in use and has hardware support.

> instead of SHA-1 use SHA-3-384. Then allow truncation of the output
> (it's already implied by the 8 byte keyIDs). 20 byte fingerprint on a
> business card may be reasonable, but we also would like to have full

So why should we truncate the fingerprint?  Is there a reason to believe
that truncation to 160 bit of SHA-2 or SHA-3 is seriously more secure
than SHA-1?  I don't know.

> strength for regulatory compliance. Consider not hashing the key
> creation date. Fixing all the variables in this paragraph, we have the

What would be the advantage of this except for yet another code path?

> signed message, but I don't think they materially care about the
> flavour of the fingerprint (as long as it's a "strong" one).

They will care if a key suddenly comes with two different fingerprints.
We never had this situation in OpenPGP.  Recall how long it took to get
rid of v3 keys.  Thus if we want a new fingerprint algorithm we need to
change more than just this.

BTW, what about re-establishing the OpenPGP WG? 


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
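
Added example, not part of the original message and not GnuPG code: the version 4 fingerprint and key ID computation from RFC 4880, next to the variant proposed in the quoted text (same construction with SHA-3-384, optionally truncated to 20 bytes). The key material, the timestamp, the function names and the choice to truncate from the left are assumptions made for illustration.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP MPI: two-octet bit count, then the big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_rsa_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet: version, creation time, algorithm 1, n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def fingerprint(body: bytes, hash_name: str = "sha1", truncate: int = 0) -> bytes:
    """Hash 0x99 || two-octet length || body. sha1 with no truncation is the v4
    fingerprint; another hash_name or a truncate length models the proposal."""
    digest = hashlib.new(hash_name, b"\x99" + struct.pack(">H", len(body)) + body).digest()
    # Assumption: truncation keeps the leftmost octets; the thread does not say which end.
    return digest[:truncate] if truncate else digest

def key_id(fpr: bytes) -> bytes:
    """v4 key ID: the low-order 64 bits of the fingerprint."""
    return fpr[-8:]

# Constructed sample values, not a real key.
N = int.from_bytes(hashlib.sha256(b"constructed modulus").digest() * 2, "big") | (1 << 511) | 1
E = 65537
CREATED = 1357253673  # constructed timestamp

def compare(created: int = CREATED) -> dict:
    """Fingerprints of the same key under the current and the proposed scheme."""
    body = v4_rsa_body(created, N, E)
    return {
        "v4_sha1": fingerprint(body),
        "key_id": key_id(fingerprint(body)),
        "sha3_384_full": fingerprint(body, "sha3_384"),
        "sha3_384_160": fingerprint(body, "sha3_384", 20),
    }

if __name__ == "__main__":
    for label, value in compare().items():
        print(f"{label:14} {value.hex().upper()}")
    # Same key material, creation time one second later: a different fingerprint.
    print("created+1      " + compare(CREATED + 1)["v4_sha1"].hex().upper())
```

The output shows one key carrying two unrelated 160-bit values under the two schemes, and shows that the creation time is part of the hashed data.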