ietf-openpgp
[Top] [All Lists]

Re: Non-SHA-1 fingerprints

2009-05-04 18:36:26

On 4/5/09 23:35, David Shaw wrote:

This does, of course, presume that all of our hashes for OpenPGP in the
future will generate an even number of bytes.


I like the idea.

But, I'm the one who favours aphorisms such as "there is only one mode, and it is secure." Or, perhaps, "There is one cipher suite, and it is numbered Number 1."

So I would be looking for SHA3 as the one and only thing that ever hashes the publics, and bugger the rest. Algorithm agility is for the birds. We would just need to agree how many even bytes to allocate to the SHA3 for the next 4 decades.

iang