Re: [openpgp] V5 Fingerprint again

KellerFuchs <KellerFuchs@hashbang.sh> Fri, 03 March 2017 17:12 UTC

Date: Fri, 03 Mar 2017 17:12:36 +0000
From: KellerFuchs <KellerFuchs@hashbang.sh>
To: Derek Atkins <derek@ihtfp.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ntFPfaT6Z17fbsINMMJzAeZqiDU>
Cc: Leo Gaspard <leo@gaspard.io>, openpgp@ietf.org
Subject: Re: [openpgp] V5 Fingerprint again

On Wed, Mar 01, 2017 at 07:12:20PM -0500, Derek Atkins wrote:
> On  Wed, Mar 1, 2017 6:27 PM, Leo Gaspard <leo@gaspard.io> wrote:
> > On 03/01/2017 06:30 PM, Phillip Hallam-Baker wrote:
> > > H(x) = SHA-2-512(x)
> > 
> > Hoping this hasn't been discussed before, but... is there a reason for
> > not picking SHA3-512? (or SHAKE256 with 25*8 bits of output if willing
> > to stay at 25 octets for the fingerprint)
>
> Because the SHA3 competition showed us that SHA2 is a good hash...  and SHA2 is much faster than SHA3.

BLAKE2 is faster than either (2-3× faster than SHA-2, depending on configuration,
and about 3-5× faster than SHA-3), and designed for ease-of-implementation on a
variety of platforms, and was standardized as [RFC 7693].

It's widely regarded as secure; quoting the SHA-3 final report [0]:

> BLAKE and Keccak have very large security margins. [...]
> Skein and BLAKE have no known distinguishing attacks that come close to threatening their
> full-round versions.  Grøstl, Skein, and BLAKE have a large number of attack papers reflecting
> considerable depth of analysis.


Moreover, quite a few projects already picked it as their hash function of
choice, due to said advantages, so there is existing library support and
we can likely expect that to be true for quite some time.


In that context, is there something I missed which says
we can't have our cake and eat it too?


Best,

  kf


[0]: http://nvlpubs.nist.gov/nistpubs/ir/2012/NIST.IR.7896.pdf
[RFC 7693]: https://tools.ietf.org/html/rfc7693

> 
> -derek
> 
> Sent from my mobile device. Please excuse any typos.
> 
> ----- Reply message -----
> From: "Leo Gaspard" <leo@gaspard.io>
> To: <openpgp@ietf.org>
> Subject: [openpgp] V5 Fingerprint again
> Date: Wed, Mar 1, 2017 6:27 PM
> 
> On 03/01/2017 06:30 PM, Phillip Hallam-Baker wrote:
> > H(x) = SHA-2-512(x)
> 
> Hoping this hasn't been discussed before, but... is there a reason for
> not picking SHA3-512? (or SHAKE256 with 25*8 bits of output if willing
> to stay at 25 octets for the fingerprint)
> 
> This should push back the next required switch to a v6 key.
