long-term GPG signing key

Travis H. solinym at gmail.com
Wed Jan 11 09:20:39 EST 2006


On 1/10/06, Ian G <iang at systemics.com> wrote:
> 2. DSA has a problem, it relies on a 160
> bit hash, which is for most purposes the
> SHA-1 hash.  Upgrading the crypto to cope
> with current hash circumstances is not
> worthwhile;  we currently are waiting on
> NIST to lead review in hashes so as to
> craft a new generation.

What's wrong with SHA-256 and SHA-512?

http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf

I agree though that hashes (I hate the term, hashing has little to do
with creating OWFs) are not as advanced as block cipher design, and
160 bits seems rather small, but surely SHA-256 would be better than
throwing one's hands up, claiming it's unsolvable, and sticking with
SHA-1, right?

If the problem is size, the answer is there.  If the problem is
structural, a temporary answer is there.

Using two structurally different hashes seems like a grand idea for
collision resistance, but bad for one-wayness.  One-wayness seems to
matter for message encryption, but doesn't seem to matter for signing
public keys - or am I missing something?
--
"If I could remember the names of these particles, I'd have been a botanist"
  -- Enrico Fermi -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
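
An added example, not part of the original message: a concatenation combiner C(m) = H1(m) || H2(m) built from toy components. It shows that a collision in one component does not collide the combined digest, while a component that is not one-way leaks input through the combined output. The truncation lengths, the `leaky` function and the sample messages are constructed for illustration.

```python
import hashlib
from itertools import count

def h1(data):
    """Toy weak hash: SHA-1 truncated to 2 bytes so collisions are cheap to find."""
    return hashlib.new("sha1", data).digest()[:2]

def h2(data):
    """Structurally different second component: SHA-256 truncated to 4 bytes."""
    return hashlib.new("sha256", data).digest()[:4]

def leaky(data):
    """Deliberately non-one-way component: emits the first 2 input bytes verbatim."""
    return data[:2].ljust(2, b"\0")

def combine(first, second, data):
    """Concatenation combiner: C(m) = first(m) || second(m)."""
    return first(data) + second(data)

def find_collision(h):
    """Birthday search over counter messages; returns two distinct colliding inputs."""
    seen = {}
    for i in count():
        m = b"msg-%d" % i          # constructed sample messages
        d = h(m)
        if d in seen:
            return seen[d], m
        seen[d] = m

def demo():
    # Collision resistance: a collision in H1 alone is not a collision in C.
    a, b = find_collision(h1)
    single_collides = h1(a) == h1(b)
    combined_collides = combine(h1, h2, a) == combine(h1, h2, b)

    # One-wayness: C publishes both component outputs, so whatever the
    # weaker component reveals about the input is revealed by C as well.
    secret = b"k3y-material"       # constructed sample input
    out = combine(leaky, h2, secret)
    leaked = out[:2] == secret[:2]
    return single_collides, combined_collides, leaked

if __name__ == "__main__":
    print(demo())
```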


