how to phase in new hash algorithms?
Joseph Ashwood
ashwood at msn.com
Mon Mar 21 01:08:09 EST 2005
----- Original Message -----
From: "Steven M. Bellovin" <smb at cs.columbia.edu>
Subject: how to phase in new hash algorithms?
> We all understand the need to move to better hash algorithms than SHA1.
> At a minimum, people should be switching to SHA256/384/512; arguably,
> Whirlpool is the right way to go. The problem is how to get there from
> here.
...
> So -- what should we as a community be doing now? There's no emergency
> on SHA1, but we do need to start, and soon.
Phase 1 is to change the hash function choice from implicit to explicit.
Specifically instead of having hash = "457253W4568MM48AWA2346", move to hash
= "SHA-1:lq23rbp8yaw4tilutqtipyu.".
Then over time ratchet down the default.
There is also an easy argument that it may be beneficial to skip SHA-256
entirely. The argument put succinctly is:
64-bit computing is arriving
on 64-bit systems SHA-512 is nearly twice as fast as SHA-256 (crypto++
benchmarks).
SHA-512 is at least as strong, and faster.
Joe
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list