ietf-openpgp
[Top] [All Lists]

Re: [openpgp] SHA3 algorithm ids.

2015-08-11 11:23:20
On Tue 2015-08-11 10:16:43 -0400, Phillip Hallam-Baker wrote:
The CFRG replacement for ECDSA will almost certainly use the 512 bit wide
pipe hash internally.

Dan Bernstein put together a Perl script that shows every algorithm and
every option.

for those who haven't followed that process, djb's python script is
here:

   http://ed25519.cr.yp.to/cfrg/signatures.py

If you are going to sign a 1Gb file then you are going to need
multiple trips through the digest function. Now there is of course a
good argument to be made for a faster 256 bit hash for the bulk digest
on that 1Gb file.

(except when the 512-bit hash is faster for the bulk digest, see my
earlier post in this thread)

Constrained devices still exist. But the constraint on processing speed is
easing up much more quickly than the constraint on code space and working
memory.

The other constraints to consider are network bandwidth and permanent
storage.  But compared to the move from strong RSA to (any reasonable
form of) ECC (e.g. the variable part of keys/signatures/PKESKs going
from 2048 bits or more to 521 bits or less), the difference between a
256-bit hash and a 512-bit hash seems nearly lost in the noise.

   --dkg

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp