+1 on PHB's plan.
On 6/05/2015 21:38 pm, Phillip Hallam-Baker wrote:
On Wed, May 6, 2015 at 2:38 PM, Christoph Anton Mitterer
We do not even need to decide on a strength. Just make is so that the
number of significant bits is however many bits that are provided. We
can all use SHA-2-512 or SHA-3-512 and truncate to 125, 150, 250...
bits as the application requires.
I'm a bit sceptical about that... I think we rather should specify some
lengths/format and at least not encourage implementations to choose what
they think would be enough (cause then we have folks like GNOME which
take the first and last byte or so *grin*)
For b-cards and so forth it isn't nearly as important to specify a
length or strength for security reasons. People can roll their own
business cards any time they want to change, and often they want
something shorter so that it fits nicely. This is a manageable risk.
If we are using Base32 and character groups of 5 characters (7-2
rule), the keys naturally come in 25 bit increments.
A 125 bit fingerprint has 117 bits and looks like this:
MFRTK-NJSMF-STOMR-WG5ST-ONZXGA
If we go for 150 bits we get:
MFRTK-NJSMF-STOMR-WG5ST-ONZXGA-YDKZB
Concur - this is good. It also nicely skips 160 bits, so we can even
imply the new hash from the length.
In 'under the covers' applications the user does not need to see, I
would hope we would support use of the 256 bit or full 512 bit
fingerprint. I would also hope we can use the possibility of an online
store to 'stretch' a fingerprint. If the user types in a 25 character
fingerprint, the system can get the rest off a key service.
Right, under the hood, use the full hash. Why muck around?
iang
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp