* "Hal Finney" wrote:
(Although RIPEMD-160 has not been attacked, the earlier RIPEMD hash was
broken last year, and it seems plausible that the new attacks could work
against RIPEMD-160 as well.)

IBTD. The same argument applies to the SHA-2 family. It is senseless.

I suggest that we do one of two things. We could change the spec to
require SHA-1 with DSA keys, and then when NIST comes out with DSA-2
which uses SHA-2 (which they have been promising for years now), we will
then support the larger hashes. Or we could change the spec to allow
any hash >= 160 bits to be used with DSA keys. We could follow the NIST
recommendation in
http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf
and use just the left 160 bits of the larger hash.

Because every hash of 160 bits will do, I'd propose to be as flexible as
possible. We can provide a general statement about hashes in all contexts:
"If the digest is larger than expected, only the leftmost bits count."
I do not know if those truncated hashes provide the same level of security ...
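
The "leftmost bits" rule discussed in this message, as an added example that is not part of the original post: it reduces a digest of any length to the integer a DSA implementation with a 160-bit q would sign, and contrasts it with reduction modulo 2^160, which keeps the rightmost bits instead. The function names and the sample message are assumptions made for illustration.

```python
import hashlib

def leftmost_bits(digest: bytes, nbits: int) -> int:
    """Return the leftmost nbits of digest as a non-negative integer.

    A digest that is nbits long or shorter is used whole (no padding).
    Works for bit lengths that are not a multiple of 8.
    """
    if nbits <= 0:
        raise ValueError("nbits must be positive")
    value = int.from_bytes(digest, "big")
    excess = len(digest) * 8 - nbits
    return value >> excess if excess > 0 else value

def rightmost_bits(digest: bytes, nbits: int) -> int:
    """What 'digest mod 2^nbits' computes: NOT the rule quoted above."""
    return int.from_bytes(digest, "big") & ((1 << nbits) - 1)

def dsa_hash_input(message: bytes, hash_name: str, q_bits: int = 160) -> int:
    """Hash message and truncate to the size of the DSA subgroup order q."""
    digest = hashlib.new(hash_name, message).digest()
    return leftmost_bits(digest, q_bits)

# Constructed sample input, not taken from the thread.
MESSAGE = b"constructed sample message"

def demo() -> dict:
    """Truncated hash integer for several digest sizes."""
    return {name: dsa_hash_input(MESSAGE, name)
            for name in ("sha1", "sha256", "sha512")}

if __name__ == "__main__":
    for name, z in demo().items():
        print(f"{name:7s} z = {z:040x}")
    full = hashlib.sha256(MESSAGE).digest()
    print("sha256 rightmost 160 bits differ:",
          rightmost_bits(full, 160) != leftmost_bits(full, 160))
```

Signer and verifier must apply the same truncation; an implementation that keeps the rightmost bits produces signatures the other side rejects.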