Okay, will do. Does anyone have a reference for the RIPE-MD algorithm?
The library I'm using doesn't have it and Applied Cryptography dedicates
6.5 lines to it with no algorithm. SHA I have.
That's RIPEMD160, not RIPEMD. Different algorithms. RIPEMD is too close to MD4
to be trusted. As for references, you'll find the reference for RIPEMD160 in
the CryptoByte article I cited. Full source code is provided.
Also make sure you use the SHA-1 variant (with the extra rotate) rather than
plain SHA.
Okay, so the various MDs are going to be included only for compatibility
with old software. But, I still need to support them. This is probably
opening a pandora's box, but which should I use by default, SHA or
RIPE-MD? Is one better than the other, does one or the other have nasty
patents or weird export controls?
I prefer the former because it has been out longer and has therefore been
looked at a lot more closely. RIPEMD160 is brand new; it is way too soon
to count on its strengths, even though the design of it seems sound.
It is unfortunately the case, however, that both SHA-1 and RIPEMD160 are
relative newcomers. With MD5 apparently about to topple we're now in a
situation where relatively new algorithms are the only real options.
Ned