On Thu, Mar 09, 2017 at 05:45:31PM +0000, KellerFuchs wrote:
On Wed, Mar 08, 2017 at 08:02:54AM +0100, Werner Koch wrote:
That was a suggestion from the Berlin meeting.
Given that even for SHA-1 no pre-image attack is known, we get quite
some security margin by using 200 bits from SHA-256 over the 160 from
SHA-1.
[...]
Thanks a bunch for the explanation, this makes sense.
PS: I still don't get what's the advantage of SHA-256 there over Blake2,
given the current library support situation, security analysis and
performance.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp