Hi Aaron:
FYI - while SHA-3 has indeed not been standardized yet, a draft has been
published (FIPS Pub 202) on May 28, 2014 with comment period ending
August 26, 2014, just after the SHA-3 workshop in Santa Barbara.
Best regards, Rene
On 6/20/2014 9:21 AM, Aaron Toponce wrote:
Last night, I was playing around with rhash(1), and noticed that not only does
it support SHA3 (specifically, Keccak-n that does not append the additional
'01' bits at the end before padding), but it also supports Whirlpool.
Are there any plans on integrating Whirlpool and/or SHA3 into the OpenPGP
standard? The reason I ask, is because of the supported algorithms, MD5, SHA1,
SHA224, SHA256, SHA384, and SHA512 are all built using the Merkle–Damgård
construction. This seems like putting all of your eggs into one basket, and
seems like a bad idea to me.
Further, because MD4 and MD5 are broken, which both are built around
Merkle–Damgård, and there exist theoretical attacks on SHA1 and SHA2, it seems
like there may be some fundamental, abstract flaw with Merkle–Damgård.
Whirlpool uses the Miyaguchi-Preneel construction while SHA3 uses the sponge
construction. It would seem that adding in support for these constructions
would be wise for OpenPGP, provided there is some breakthrough cryptanalysis on
Merkle–Damgård, and every hash OpenPGP supports falls victim, other than
RIPEMD-160 perhaps.
Of course, SHA3 hasn't been standardized yet by NIST. I understand that. Either
OpenPGP could wait for the standardization, which is just a subset of Keccak,
or use Keccak directly. I could see both sides of the argument equally here.
Anyway, just curious.
Thanks,
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
--
email: rstruik(_dot_)ext(_at_)gmail(_dot_)com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp