On 10/08/2015 10:48 PM, ianG wrote:
2. The reason SHA-256 is the most popular these days is that, in the
wake of the 2004 Shandong hashquake, we've made a stunning amount of
progress in upgrading. We've almost decided against SHA1 in
certificates. We're almost serious about it. And now that freestart
collisions are chewing it down to its last 4 bits,
Actually, they finished chewing
(still only a freestart collision, but full 80 rounds)
we might actually ... do it.
Yep, and IMHO picking a hash function with a different inner structure
from SHA-1, and designed to address the issue coming with it, such as
SHA-3 may quite be a good idea.
After all, ~89% of the signatures currently present on the sks keyserver
network are made over a SHA-1 hash, and it may take a while to update
openpgp mailing list