On 9/08/2015 02:40 am, Phillip Hallam-Baker wrote:
Thinking this through a bit further.
Why is anyone going to move from SHA-2 to SHA-3 ? Only reason I can
think of is a real or perceived weakness in SHA-2.
For which they ran a competition :) OK so now thinking has changed a bit.
"It's not pressing."
But it's always worth going for the most recent work; the thinking is
that SHA2 is not broken, which isn't the same as "it's state of the art."
SHA2 is cerca late 1990s design. SHA3 is early 2010s. I'm guessing
that difference is worth another 15 years on the lifespan.
My other reason for going for SHA3 is that then we could potentially do
the one-symmetric-suite on one code base, as one obligatory set.
However, that's only a thought balloon. I've not looked at the
complexity of SHA3 as hash or as AE algorithm (Keyak), in code. It
could be that the total coding complexity of say SHA2 + Chacha/Poly is
less than the new set, even with the same base.
As a coder, this is 99% of the worry - how complicated is the code, or
worse, as a manager, how much do I have to pay someone to implement it?
That being so, I can't see why they would go for a lower number of
bits/rounds.
Only reason could be that discussion of SHAKEs versus SHAs, and some
artifact that indicated that the longest rounds were actually
inefficient and over the top.
For OpenPGP, I think the case for 512 only or 256 and 512 is pretty strong.
On Sat, Aug 8, 2015 at 7:17 PM, Christoph Anton Mitterer
<calestyo(_at_)scientia(_dot_)net <mailto:calestyo(_at_)scientia(_dot_)net>>
wrote:
On Sat, 2015-08-08 at 23:48 +0100, ianG wrote:
> My "position" is only one hash, as many know well. I prefer the
> longest, because they are computers and they don't have enough work
> to
> do.
If only one is to be assigned a number, it should be definitely the
longest.
Cheers,
Chris.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp