Re: [openpgp] SHA3 algorithm ids.

ianG <iang@iang.org> Wed, 19 August 2015 13:48 UTC

Return-Path: <iang@iang.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD5381A1B16 for <openpgp@ietfa.amsl.com>; Wed, 19 Aug 2015 06:48:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6HgplzRd4E8b for <openpgp@ietfa.amsl.com>; Wed, 19 Aug 2015 06:47:59 -0700 (PDT)
Received: from virulha.pair.com (virulha.pair.com [209.68.5.166]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 641BF1A044F for <openpgp@ietf.org>; Wed, 19 Aug 2015 06:47:59 -0700 (PDT)
Received: from tormenta.local (iang.org [209.197.106.187]) by virulha.pair.com (Postfix) with ESMTPSA id BB0136D7E8; Wed, 19 Aug 2015 09:47:57 -0400 (EDT)
Message-ID: <55D4890C.7000101@iang.org>
Date: Wed, 19 Aug 2015 14:47:56 +0100
From: ianG <iang@iang.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: openpgp@ietf.org
References: <87y4hmi19i.fsf@vigenere.g10code.de> <55D43E0F.6080201@brainhub.org>
In-Reply-To: <55D43E0F.6080201@brainhub.org>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/zug21_ASq-IYQKNw7cvav_uMalA>
Subject: Re: [openpgp] SHA3 algorithm ids.
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Aug 2015 13:48:00 -0000

On 19/08/2015 09:27 am, Andrey Jivsov wrote:

> Please note that presently DSA or ECDSA truncate hashes. A digital
> signature with a DSA key with FIPS 186-3 L=2048 N=224 and a SHA3-256
> hash algorithm has security properties similar to the case when SHA3-224
> hash was used instead. In other words, an application already has a tool
> to use a 224-bit hash via an appropriate DSA/ECDSA key.
>
> RSA signatures have plenty of "free" space for the hash, therefore, it's
> not clear why SHA3-224 would be needed.



For reasons like the above and the rest of the conversation (and Peter's 
comment), I think we should be examining SHAKE more closely.  The world 
of hashes has changed fundamentally because of Sponge.  The old 
assumptions embedded in the above are literally that - old, tired, 
historical.  If we want to make OpenPGP for the future, we want to have 
a stab at aiming for that future.



iang