Re: how close is OpenPGP tied to SHA1
On Feb 2, 2009, at 5:14 AM, Peter Thomas wrote:
> Hi Daniel.
> On Mon, Feb 2, 2009 at 2:59 AM, Daniel Kahn Gillmor
> <dkg@xxxxxxxxxxxxxxxxx> wrote:
>> This was just discussed on the list last month in a thread titled "A
>> review of hash function brittleness in OpenPGP":
> Thanks for that pointer.
> Well,.. not really ;-)
> The first question would be: Are SHA2 algorithms really more secure
> than SHA1?
> If so one could think to switch for example to SHA512.
You could. This is what most people are doing.
> Or even wait for SHA3.
This is likely the best answer.
> Or are there any other promising hash functions? Whirlpool?
Whirlpool is in my opinion a 2005 answer, not a 2009 answer. The
problem with Whirlpool is that it's slow, and still not as well
examined as SHA2.
Nonetheless, I've heard tell that someone is working on a Whirlpool
I-D, which isn't a bad thing, but is arguably unneeded presently.