ietf-openpgp

Re: how close is OpenPGP tied to SHA1

2009-02-02 11:13:45
On 02/02/2009 08:14 AM, Peter Thomas wrote:
> The first question would be: Are SHA2 algorithms really more secure
> than SHA1? If so one could think to switch for example to SHA512.
> Or even wait for SHA3.
> Or are there any other promising hash functions? Whirlpool?

I think the answer is not to pick a "new, better" hash function for a
revised spec, but to make the spec flexible enough to actually use
whatever "new, better" hash function comes along (and to be able to
deprecate the ones implementors/users feel are untrustworthy).

So for the RFC it's more a question of making sure that everything is
parameterized than it is to say specific things like "no more MD5",
which may rapidly become out-of-date.

        --dkg

Attachment: signature.asc
Description: OpenPGP digital signature