[Top] [All Lists]

Re: [openpgp] New fingerprint: which hash algo (was: to v5 or not to v5)

2015-10-06 04:03:57
On 30 September 2015 at 01:18, Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:
On Mon, 21 Sep 2015 11:13, simon(_at_)josefsson(_dot_)org said:

Regarding which hash to use, SHA-256 is probably the simplest
choice From a practicallity and consensus point of view.  Are
there any strong reasons to favor something else?

I have a small preference to see the fingerprint algorithm match what
we believe the most popular signature (hash) algorithm will be. I've
been working with a number of embedded folks and code size can often
be a big concern. More Algorithms, More Code.

My perception is that the most popular signature hash algorithms right
now are SHA-256 and SHA-512.  While SHA-256 and SHA-512 have somewhat
different characteristics on different platforms, I believe we are
approaching the limit of where a lot of additional comparisons are
worth the time and effort compared to just pick one of them.  I'm fine
with SHA-256 for the reasons that Werner presented.  Does someone
else want to promote another option?  Can we get closure on this?


Attachment: pgpoKsQnwkOtd.pgp
Description: OpenPGP digital signatur

openpgp mailing list