ietf-openpgp

Re: how close is OpenPGP tied to SHA1

2009-02-02 14:14:22

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Feb 2, 2009, at 5:14 AM, Peter Thomas wrote:

> Hi Daniel.
>
> On Mon, Feb 2, 2009 at 2:59 AM, Daniel Kahn Gillmor
> <dkg(_at_)fifthhorseman(_dot_)net> wrote:
>> This was just discussed on the list last month in a thread titled "A
>> review of hash function brittleness in OpenPGP":
> Thanks for that pointer.
>
>> Proposals?
> Well,.. not really ;-)
> The first question would be: Are SHA2 algorithms really more secure
> than SHA1?

Yes.

> If so one could think to switch for example to SHA512.

You could. This is what most people are doing.

> Or even wait for SHA3.

This is likely the best answer.

> Or are there any other promising hash functions? Whirlpool?

Whirlpool is in my opinion a 2005 answer, not a 2009 answer. The  
problem with Whirlpool is that it's slow, and still not as well  
examined as SHA2.

Nonetheless, I've heard tell that someone is working on a Whirlpool I-D,
which isn't a bad thing, but is arguably unneeded presently.

        Jon

-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII

wj8DBQFJhzXSsTedWZOD3gYRAtnjAJ4jMDgb4Mo8IvmwrDm2/6VoErPDRQCePy0H
iVfu1LkaNDzGbiQG3tJR6Ss=
=45R0
-----END PGP SIGNATURE-----