Fingerprint algorithm and SHA-1 usage
nicholas.cole at gmail.com
Sat Dec 22 13:30:21 CET 2012
On Fri, Dec 21, 2012 at 7:32 PM, Andrey Jivsov <openpgp at brainhub.org> wrote:
> To summarize, I wonder were do we stand on this issue?
Just from an interested, user's perspective:
> I am not sure which one / more of the following represents a consensus on
> this list. I would appreciate your feedback.
> * don't change anything regarding the fingerprint usage in OpenPGP
SHA-1 fingerprints have served quite well. Collisions are (highly)
unlikely, the fingerprint is still short enough to fit on a business
card, be checked by a human etc. But there are hints of attacks
coming, and furthermore if standards bodies are going to start being
suspicious about SHA-1, then some kind of change is probably a good
> * if there is a proposal for new fingerprint, we will look into it
I'm not sure there has been a clear proposal. But in terms of everyday usage:
> * the Keccak in OpenPGP spec should definitely not include any proposal for
> the new fingerprint
Which version? SHA3-224 seems to me to be the limit of what you could get onto
a business card with any ease. Would that provide enough
collision-resistence for the next 15 years or so?
> * any other thoughts / options / timelines?
I don't think I favour (from a user perspective) a huge plethora of
new types of fingerprint. Allowing implementations to generate
fingerprints using arbitrary hash functions just seems like a
potential source of confusion. On the other hand, perhaps building
two fingerprints into the new standard, SHA-2-224 and SHA-3-224 might
be a way forward and provide some protection against any change in
As far as I can see, and based solely on listening to experts on this
list, there is no pressing technical reason to change - but for PR
reasons, I think I would be happier if some sensible new fingerprint
But I do NOT favour a solution that will burden users with having to
check needlessly[*] long fingerprints, or carry around barcode
scanners and the like!
[*] for real-world, non-paranoid, "pretty good" privacy.
More information about the Gnupg-devel