Re: TFM needed ro R

[Ned Freed <Ned.Freed@innosoft.com>]

> Okay, will do.  Does anyone have a reference for the RIPE-MD algorithm?
> The library I'm using doesn't have it and Applied Cryptography dedicates
> 6.5 lines to it with no algorithm.  SHA I have.

That's RIPEMD160, not RIPEMD. Different algorithms. RIPEMD is too close to MD4
to be trusted. As for references, you'll find the reference for RIPEMD160 in
the CryptoByte article I cited. Full source code is provided.

Also make sure you use the SHA-1 variant (with the extra rotate) rather than
plain SHA.

> Okay, so the various MDs are going to be included only for compatibility
> with old software.  But, I still need to support them.  This is probably
> opening a pandora's box, but which should I use by default, SHA or
> RIPE-MD?  Is one better than the other, does one or the other have nasty
> patents or weird export controls?

I prefer the former because it has been out longer and has therefore been
looked at a lot more closely. RIPEMD160 is brand new; it is way too soon
to count on its strengths, even though the design of it seems sound.

It is unfortunately the case, however, that both SHA-1 and RIPEMD160 are
relative newcomers. With MD5 apparently about to topple we're now in a
situation where relatively new algorithms are the only real options.

				Ned