SHA-1 now used for mixing the entropy pool (was: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-370-gfcce0cb)

Werner Koch wk at
Thu Mar 31 20:53:49 CEST 2016


For historical reasons the RNG used RIPE-MD-160 for mixing its pool.
This is not a widely used hash algorithm but Libgcrypt requires to be
built with it due to the RNG.

I have just replaced the mixing function by SHA-1.  Due to the hardware
support and the optimized implementation we have for SHA-1, this change
might also speed up the pool mixing - whether this is really a
performance advantage is questionable, though.

BTW, the design of the RNG requires a mixing function with an output of
20 bytes.  Thus we can't replace it with SHA-256 without changing a
couple of other things.  Anyway, there is no cryptographic need for a
stronger algorithm in this use case.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gcrypt-devel mailing list