Fingerprint algorithm and SHA-1 usage [was: Re: SHA3 IANA registration - method?]
openpgp at brainhub.org
Tue Dec 18 21:01:32 CET 2012
On 12/18/2012 11:52 AM, Christian Aistleitner wrote:
> Hi Andrey,
> On Mon, Dec 17, 2012 at 02:16:21PM -0800, Andrey Jivsov wrote:
>> On 12/15/2012 06:03 AM, Christian Aistleitner wrote:
>>>  Shameless plug: You can for example allow others to avoid SHA-1 at
>>> key-signing parties, by adding additional (non-standard) SHA-512
>>> fingerprints to your paper slips:
>>> as described here
>> If I understand your proposal correctly, you are changing the hardwired
>> SHA-1 fingerprint to SHA-512 without metadata/agility.
> And I am not suggesting to trade hardwired SHA-1 for hardwired
> SHA-512. I'd be against doing this.
> Best regards,
> P.S.: The paper slips generated by above's service do contain metadata:
> The additional SHA-512 part contains a link to the patch on how to
> verify the non-standard fingerprint.
> Those non-standard SHA-512 fingerprints serve two purposes:
> * It allows SHA-1 averse people to participate in current key-signing
> * It shows people what checking a SHA-512 hash may amount to. Thereby
> it invites discussions about fingerprints and concepts on how to
> exchange keys. And --- *surprise* :-) --- it seems hexadecimal
> encoded 512-bit hashes are beyond what most people want to compare
> by hand. But additionally putting a 2D Barcode encoded hash on the
> slip may do the trick.
One thing that stands out here: I would consider truncating the SHA-512
hash output used as fingerprint to 160 bits or a bit more. 80 bits of
security seems OK for the fingerprinting. We have a problem with SHA-1,
not the 160-bit output.
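
The truncation suggested in the reply above, sketched as an added example; it is not part of the original message and not the patch mentioned in the quoted text. It assumes the truncated SHA-512 value is computed over the same octets as the standard V4 fingerprint (RFC 4880, section 12.2); the function names are hypothetical and the key material is constructed.

```python
import hashlib
import hmac
import struct

def mpi(n: int) -> bytes:
    """OpenPGP MPI: 2-octet bit count, then the big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_hash_input(body: bytes) -> bytes:
    """Octets hashed for a V4 fingerprint: 0x99, 2-octet length, key packet body."""
    return b"\x99" + struct.pack(">H", len(body)) + body

def fingerprint(body: bytes, algo: str = "sha1", bits: int = 160) -> bytes:
    """Leftmost `bits` of the digest. sha1/160 is the standard V4 fingerprint;
    sha512/160 is the truncation discussed above (assumed construction)."""
    digest = hashlib.new(algo, v4_hash_input(body)).digest()
    if bits % 8 or not 0 < bits <= len(digest) * 8:
        raise ValueError("bits must be a positive multiple of 8 that fits the digest")
    return digest[: bits // 8]

def display(fp: bytes) -> str:
    """Groups of four hex digits, as printed on key-signing slips."""
    h = fp.hex().upper()
    return " ".join(h[i:i + 4] for i in range(0, len(h), 4))

def matches(fp: bytes, typed: str) -> bool:
    """Compare a fingerprint with one read off a slip, ignoring spacing and case."""
    try:
        candidate = bytes.fromhex("".join(typed.split()))
    except ValueError:
        return False  # not hex, or an odd number of digits
    return hmac.compare_digest(fp, candidate)

# Constructed sample: a V4 RSA public-key packet body with a made-up modulus.
N = int.from_bytes(hashlib.sha256(b"constructed sample modulus").digest() * 8, "big") | (1 << 2047) | 1
BODY = b"\x04" + struct.pack(">I", 1355860892) + b"\x01" + mpi(N) + mpi(65537)

if __name__ == "__main__":
    for algo, bits in (("sha1", 160), ("sha512", 160), ("sha512", 512)):
        fp = fingerprint(BODY, algo, bits)
        # Birthday bound: collision resistance is at most half the output length.
        print(f"{algo}/{bits} (collision bound ~2^{bits // 2}):")
        print("  " + display(fp))
```

The three printed values show the difference in what has to be compared by hand: ten groups of four hex digits for either 160-bit value, thirty-two groups for the untruncated SHA-512 output.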