[Top] [All Lists]

Re: [openpgp] New fingerprint: which hash algo

2015-10-09 12:14:21
Yep, and IMHO picking a hash function with a different inner structure
from SHA-1, and designed to address the issue coming with it, such as
SHA-3 may quite be a good idea.

I feel like a churl for observing this, but the history of
Merkle-Damgård hashes is really not very good.  MD4, MD5, SHA-0, SHA-1,
RIPEMD, and probably RIPEMD-160 and/or RIPEMD-128.

Some of this is because these are popular hash functions and as a result
have received the most cryptanalysis.  But part of me wonders if now
would not be an excellent time to introduce a non-Merkle-Damgård hash to
OpenPGP, in the hopes that maybe it will fare better.

openpgp mailing list