On 6/05/2015 23:14 pm, Phillip Hallam-Baker wrote:
> On Wed, May 6, 2015 at 5:31 PM, Christoph Anton Mitterer
> <calestyo(_at_)scientia(_dot_)net> wrote:
>> Is there any broad consensus already about SHA2 vs. SHA3 (except the
>> traditionalist argument)?
>
> The folk I have spoken to were of the opinion that the SHA3 contest
> actually confirmed people's confidence in SHA2. So I don't see a need
> to jump to the next bright shiny object.
>
> SHA3 is supported in pretty much every stack now, SHA3 is still a bit
> of a work in progress.
>
> So I would suggest that SHA-2-512 be REQUIRED and SHA-3-512 be RECOMMENDED.

All the above is reasonable. However there is one further argument in
favour of SHA-3 which is that it is going to come in the form of a much
larger / more powerful toolkit. It's no longer "just a hash."

It has specific modes attached to it that can do, for example, AE, and
that AE mode has (I gather) been used for the CAESAR competition.

Point being, there is a chance that we can do the whole symmetric part
with only one algorithm... :-o

Now I know this will give people the heebie jeebies, so what I'd say now
is that we delay a firm decision until NIST have published their spec on
SHA-3 and then review it to get the true story. My information is based
on a presentation I saw by the Keccak team, so possibly I'm way off
base. NIST will clarify this all.

iang