[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NIST publishes new DSA draft
Jon Callas wrote:
>
> I think we ought to keep it with the same algorithm number.
>
> I'm happy to put in SHA-224 (meaning it's trivial work), but I don't
> like it, myself. The reason is that SHA-224 is really a truncated
> SHA-256. Thus, it has no advantages over SHA-256 except being smaller by
> 32-bits with 112 bits of security. The reason it exists at all is for
> crypto-balance with 2-key 3DES (which is not TDEA), which we don't allow
> at all.
<pedantic>
3-key DES also has a strength of 112 bits.
</pedantic>
> I don't think we should have it as it goes against our
> principles of wanting a minimum of 128-bits of security in OpenPGP.
> (Yes, yes, I know that SHA-1 doesn't meet this either, but until
> SHA-256, we didn't have many options. That doesn't mean the principle is
> wrong; we *have* options.)
>
> Jon
>
>
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff