[Top] [All Lists]

Re: [openpgp] Fingerprints and their collisions resistance

2013-01-03 16:57:29
On Thu,  3 Jan 2013 20:06, openpgp(_at_)brainhub(_dot_)org said:

AES or for regulatory reasons. 3 AES sizes exist for performance

I'd say for marketing reasons. 

export/import control of encryption). Fingerptins are special data
structures because they are sometimes input by humans.

Well, humans compare fingerprints but don't enter them.  I doubt that I
ever did this in the last 20 years.

Let's say we choose SHA-3-384, which is no more difficult to implement
than SHA-2. We then simply use the current fingerprint algorithm but

Except that SHA-2 is already in use and has hardware support.

instead of SHA-1 use SHA-3-384. Then allow truncation of the output
(it's already implied by the 8 byte keyIDs). 20 byte fingerprint on a
business card may be reasonable, but we also would like to have full

So why should we truncate the fingerprint?  Is there a reason to believe
that truncation to 160 bit of SHA-2 or SHA-3 is seriously more secure
than SHA-1?  I don't know.

strength for regulatory compliance. Consider not hashing the key
creation date. Fixing all the variables in this paragraph, we have the

What would be the advantage of this except for yet another code path.

signed message, but I don't think they materially care about the
flavour of the fingerprint (as long as it's a "strong" one).

They will care if a key suddenly comes with two different fingerprints.
We never had this situation in OpenPGP.  Recall how long it took to get
rid of v3 keys.  Thus if we want a new fingerprint algorithm we need to
change more than just this.

BTW, what about re-establishing the OpenPGP WG? 



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

openpgp mailing list

<Prev in Thread] Current Thread [Next in Thread>