On 30 September 2015 at 01:18, Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:
On Mon, 21 Sep 2015 11:13, simon(_at_)josefsson(_dot_)org said:
Regarding which hash to use, SHA-256 is probably the simplest
choice From a practicallity and consensus point of view. Are
there any strong reasons to favor something else?
I have a small preference to see the fingerprint algorithm match what
we believe the most popular signature (hash) algorithm will be. I've
been working with a number of embedded folks and code size can often
be a big concern. More Algorithms, More Code.
My perception is that the most popular signature hash algorithms right
now are SHA-256 and SHA-512. While SHA-256 and SHA-512 have somewhat
different characteristics on different platforms, I believe we are
approaching the limit of where a lot of additional comparisons are
worth the time and effort compared to just pick one of them. I'm fine
with SHA-256 for the reasons that Werner presented. Does someone
else want to promote another option? Can we get closure on this?
Description: OpenPGP digital signatur
openpgp mailing list