On Tue, 2015-05-05 at 23:26 +0200, Vincent Breitmoser wrote:
I would like to pick up on this point again: What's wrong with 160 bit
fingerprints? The bit length seems more than sufficient to cover any
Mooreian doubts, a more relevant issue would be weaknesses in the
hashing algorithm itself,
Hmm but if it can be easily done, is there anything that speaks against?
I think hashes up to 512 bit are still commonly "accepted" (even with
just hex encoding)... and I see no strong reason why we couldn't move to
e.g. RFC 4648 base32.
Actually others do similar things as well (e.g. OpenSSH).
And if it doesn't hurt, I rather go for the stronger, even if it should
never become necessary.
where the status is that in its 20 years not
even a collision has been found for SHA-1.
At least no one publicly known ;-)
Cheers,
Chris
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp