On Thu, Mar 9, 2017 at 10:47 AM, KellerFuchs
<KellerFuchs(_at_)hashbang(_dot_)sh>
wrote:
On Thu, Mar 09, 2017 at 05:45:31PM +0000, KellerFuchs wrote:
On Wed, Mar 08, 2017 at 08:02:54AM +0100, Werner Koch wrote:
That was a suggestion from the Berlin meeting.
Given that even for SHA-1 no pre-image attack is known, we get quite
some security margin by using 200 bits from SHA-256 over the 160 from
SHA-1.
[...]
Thanks a bunch for the explanation, this makes sense.
PS: I still don't get what's the advantage of SHA-256 there over Blake2,
given the current library support situation, security analysis and
performance.
I don't know anything about PGP library support, but my experience, at
least with SSL/TLS stacks, is that there is a lot more SHA-256 support than
support for {SHA-3, Blake2}
-Ekr
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp