On Thu, Mar 23, 2017 at 7:53 AM, Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:
Hi!
I try to summarize the positions on the v5 fingerprint porposal:
In favor of SHA-512 truncated to 200 bits:
- Thijs: Not a strong preference, though.
- Jon: Speed of fingerprint computing doesn't matter. SHA-512 is more
future proof.
In favor of SHA-256 truncated to 200 bits:
- Vincent: Even wants to truncate to 160 bits.
- Derek: Better for small systems. He gave numbers and showed that
for fingerprints SHA-256 is even faster on systems where
SHA-512 is in general faster.
- Peter Gutmann: Better for small systems.
- Werner: Allows SHA-256 only implementation to support IoST systems.
Other comments:
- Jon: Use SHA-512/t to have a well defined truncation scheme.
- Peter Todd: Do not truncated because the saving is not worth using a
non-standard scheme.
- Brian: Use SHAKE128 or 256, will be needed anyway if we add
Curve448.
- Werner: Using SHA-512 would allow compliant applications in case
Ed25519 would be a mandatory algorithm.
I'd add this one:
any time a spec does something non-standard it is a lightening rod for
criticism and FUD. Even if there are good and rational reasons for
doing something else, I'd advocate using a standard hash without
truncating for that reason.
Nicholas
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp