On 20 Apr 2015, Derek Atkins wrote:
Short fingerprints are important; if they are getting too long
they won't serve a purpose because the public key could be used
directly.
If we use a 256-bit fingerprint for a 255-bit curve25519 key,
what's the point?
* digest algorithm; we need preimage resistance; we do not need
collision resistance.
So you're saying we can stick with SHA1? ;)
I would like to pick up on this point again: What's wrong with 160 bit
fingerprints? The bit length seems more than sufficient to cover any
Mooreian doubts, a more relevant issue would be weaknesses in the
hashing algorithm itself, where the status is that in its 20 years not
even a collision has been found for SHA-1.
Seeing talk about fingerprints which "still fit into one line" and
"maybe moving to SHA3-512" while at the same time asserting that manual
verification of fingerprints should still be a thing, I'm a little
concerned about the direction this is going...
- V
signature.asc
Description: PGP signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp