force-v4-certs and digest-algo
Robert J. Hansen
rjhansen@inav.net
Thu May 9 23:21:01 2002

> SHA1 was created by the US government. I feel that the US government does not
> have its citizens' best interest at heart in the realm of cryptography, and

SHA-1 isn't used for message security; it's used for message
authentication. The NSA's mandate includes keeping US Gov't traffic
secure, and as such, deliberately creating a faulty hash
algorithm--especially one that's heavily used throughout the USG--would
be counter to the NSA's mandate.

Then there's also the intense peer review, and the fact that it's SHA-1,
not SHA-0... SHA-0 had a nasty, but very subtle, bug. Who found the
bug, publicized it, and issued a fix? The NSA.

While I agree there's a lot of room for skepticism on the NSA's motives,
it appears to me that throwing out SHA-1 is tossing the baby out with
the bathwater. Still--if it floats your boat, use RIPEMD160.

> independently outside of the US. Anyway, whatever my reason, shouldn't it
> be my choice?

Not necessarily. The axiom which guides GnuPG is "be liberal in what
you accept, but conservative in what you generate". If I recall,
RIPEMD-160 is a SHOULD, not a MUST. It would be entirely consistent and
RFC-conformant for GnuPG to accept RIPEMD-160 in traffic, but to only
use SHA-1 for output.

I'm not suggesting we do that, by the by. I'm just pointing out that
"shouldn't it be my choice?" isn't always something you answer with a
"yes". There's a time and a place for strict enforcement of policy.