[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [openpgp] New fingerprint: which hash algo (was: to v5 or not to v5)

On Mon, 21 Sep 2015 11:13, simon@xxxxxxxxxxxxx said:

> Regarding which hash to use, SHA-256 is probably the simplest choice
> From a practicallity and consensus point of view.  Are there any strong
> reasons to favor something else?

I see also several reasons to favor SHA-256:

 - SHA-2 has shown no weaknesses during the SHA-3 competition.

 - SHA-256 is the commonly used hash algorithm for OpenPGP messages and
   keys and thus available in all code bases.

 - Although not an issue for fingerprints, SHA-3 is slower than SHA-2.

 - On embedded systems SHA-512 has a substantially performance penalty
   over SHA-256.

Given that modern ECC requires a larger than 256 bit hash, I am not sure
whether the next point is valid:

 - If we would go for a newer hash algorithm, all implementations would
   need to support SHA-256 (and SHA-1) anyway to support existing keys
   and allow verification of existing signatures.  Also decryption of
   symmetrically encrypted messages may require SHA-256 for the S2K.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

openpgp mailing list