SHA-1 now used for mixing the entropy pool (was: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-370-gfcce0cb)
Werner Koch
wk at gnupg.org
Thu Mar 31 20:53:49 CEST 2016
Hi!
For historical reasons the RNG used RIPE-MD-160 for mixing its pool.
This is not a widely used hash algorithm, but Libgcrypt has to be
built with it because of the RNG.

I have just replaced the mixing function by SHA-1. Due to the hardware
support and the optimized implementation we have for SHA-1, this change
might also speed up the pool mixing - whether this is really a
performance advantage is questionable, though.

BTW, the design of the RNG requires a mixing function with an output of
20 bytes. Thus we can't replace it with SHA-256 without changing a
couple of other things. Anyway, there is no cryptographic need for a
stronger algorithm in this use case.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
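The message above says the RNG's pool layout is tied to a 20-byte mixing output, which is why RIPEMD-160 could be swapped for SHA-1 but not for SHA-256. The following is an added illustration written for this page, not Libgcrypt's own mix_pool code: it mixes a pool slot by slot with a chained hash and refuses any digest whose length does not match the slot size. The 600-byte pool, the 20-byte slot size, the 64-byte hash window and the chaining rule are all assumptions chosen for the demonstration.

```python
"""Illustrative entropy-pool mixer: shows why the digest length is baked in.

This is example code for this page, not Libgcrypt's mix_pool. The constants
below are assumptions for the demonstration, not Libgcrypt's values.
"""
import hashlib

DIGESTLEN = 20   # assumed: the pool is laid out in 20-byte digest slots
BLOCKLEN = 64    # assumed: bytes fed to the hash for each slot
POOLSIZE = 600   # assumed: 30 slots of DIGESTLEN bytes


def digest_fits(hash_name: str) -> bool:
    """True if hash_name produces exactly one slot's worth of output."""
    return hashlib.new(hash_name).digest_size == DIGESTLEN


def mix_pool(pool: bytearray, hash_name: str = "sha1") -> bytearray:
    """Mix the pool in place, one DIGESTLEN-byte slot at a time.

    Each slot is overwritten with hash(previous slot's digest || the next
    BLOCKLEN-DIGESTLEN pool bytes starting at the slot, wrapping around the
    end of the pool). Because the digest is written back into a 20-byte
    slot, the hash must produce exactly DIGESTLEN bytes.
    """
    if len(pool) % DIGESTLEN:
        raise ValueError("pool size must be a multiple of DIGESTLEN")
    size = hashlib.new(hash_name).digest_size
    if size != DIGESTLEN:
        raise ValueError(
            f"{hash_name} produces {size} bytes; the slot layout needs {DIGESTLEN}"
        )
    n = len(pool)
    prev = bytes(DIGESTLEN)  # chain value carried into the first slot
    for pos in range(0, n, DIGESTLEN):
        window = bytearray(prev)
        for i in range(BLOCKLEN - DIGESTLEN):
            window.append(pool[(pos + i) % n])  # wrap around at the pool end
        prev = hashlib.new(hash_name, bytes(window)).digest()
        pool[pos:pos + DIGESTLEN] = prev
    return pool


def mixed(seed: bytes, hash_name: str = "sha1") -> bytes:
    """Build a POOLSIZE pool from seed (repeated/truncated) and mix it once."""
    pool = bytearray((seed * (POOLSIZE // len(seed) + 1))[:POOLSIZE])
    return bytes(mix_pool(pool, hash_name))


if __name__ == "__main__":
    # Constructed input: a pool of a single repeated byte.
    before = b"\x42" * POOLSIZE
    after = mixed(before)
    print("sha1 fits slot layout:", digest_fits("sha1"))
    print("sha256 fits slot layout:", digest_fits("sha256"))
    print("pool changed by mixing:", after != before)
    try:
        mixed(before, "sha256")
    except ValueError as e:
        print("sha256 rejected:", e)
```

The check in mix_pool is the point of the example: a 32-byte SHA-256 digest would spill past the slot it is meant to overwrite, so swapping the hash means changing the slot size and everything that assumes it, as the message says. RIPEMD-160 also produces 20 bytes and would pass the same check where hashlib provides it.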