On 6 May 2015, Werner Koch wrote:
To be future proof we should get away from SHA-1 for fingerprints
and use SHA-256 (or SHA-512) instead.
I have no quarrel with changing the hash algo. If it improves security
at no cost of usability or complexity - go for it.
The external representation and even the internal use in OpenPGP is a
different issue and I am all in favor for truncating it to 32 bytes
for internal use and printing only up to 20 bytes. This avoids extra
work and SHA-256 is anyway required.
Sounds good to me. I'm just afraid that if "something stronger" is
available, people are going to use it. Design decisions and established
culture on top of the standard tend to be maximum conservative. Sort of
if you don't use the "full fingerprint" you're not doing "everything you
can" and people will use all 32 bytes no matter if it was ever intended
that way. That's not a huge deal, we just need to keep it in mind.
I would leave the fingerprint length at 20 bytes in the standard, if an
implementation chooses to use more internally that's up to them.
Defining the fingerprint to be 32 bytes, then adding "for printing, it
SHOULD be truncated to 20 bytes" seems silly.
- V
signature.asc
Description: PGP signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp