Fingerprint algorithm and SHA-1 usage

Nicholas Cole nicholas.cole at gmail.com
Sat Dec 22 13:30:21 CET 2012


On Fri, Dec 21, 2012 at 7:32 PM, Andrey Jivsov <openpgp at brainhub.org> wrote:
> To summarize, I wonder where do we stand on this issue?

Just from an interested user's perspective:


> I am not sure which one / more of the following represents a consensus on
> this list. I would appreciate your feedback.

> * don't change anything regarding the fingerprint usage in OpenPGP

SHA-1 fingerprints have served quite well.  Collisions are (highly)
unlikely, the fingerprint is still short enough to fit on a business
card, be checked by a human etc.  But there are hints of attacks
coming, and furthermore if standards bodies are going to start being
suspicious about SHA-1, then some kind of change is probably a good
idea.

> * if there is a proposal for new fingerprint, we will look into it

I'm not sure there has been a clear proposal.  But in terms of everyday usage:

> * the Keccak in OpenPGP spec should definitely not include any proposal for
> the new fingerprint

Which version?  SHA3-224 seems to me to be the limit of what you could get onto
a business card with any ease.  Would that provide enough
collision-resistance for the next 15 years or so?

> * any other thoughts / options / timelines?

I don't think I favour (from a user perspective) a huge plethora of
new types of fingerprint.  Allowing implementations to generate
fingerprints using arbitrary hash functions just seems like a
potential source of confusion.  On the other hand, perhaps building
two fingerprints into the new standard, SHA-2-224 and SHA-3-224 might
be a way forward and provide some protection against any change in
attacks.

As far as I can see, and based solely on listening to experts on this
list, there is no pressing technical reason to change - but for PR
reasons, I think I would be happier if some sensible new fingerprint
were agreed.

But I do NOT favour a solution that will burden users with having to
check needlessly[*] long fingerprints, or carry around barcode
scanners and the like!

Best wishes,

N.
[*] for real-world, non-paranoid, "pretty good" privacy.
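
An added example, not part of the original message: it computes the standard V4 fingerprint (SHA-1 over 0x99, a two-octet length and the public-key packet body, per RFC 4880) and compares its printed length and generic birthday bound with 224-bit variants. The SHA-224 and SHA3-224 variants, the helper names and the key material are assumptions constructed for illustration, not any proposal made on the list.

```python
import hashlib
import struct

def mpi(x: int) -> bytes:
    """OpenPGP MPI: two-octet bit count, then the big-endian magnitude."""
    return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")

def rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Version 4 public-key packet body for an RSA key (algorithm id 1)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def fingerprint(body: bytes, hash_name: str = "sha1") -> bytes:
    """Hash 0x99 || two-octet length || body.

    Only hash_name="sha1" gives the standard V4 fingerprint; any other
    hash is a hypothetical variant used here for comparison only.
    """
    if len(body) > 0xFFFF:
        raise ValueError("packet body too long for a two-octet length")
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.new(hash_name, data).digest()

def display(fp: bytes, group: int = 4) -> str:
    """Format a fingerprint the way a human would read it off a card."""
    h = fp.hex().upper()
    return " ".join(h[i:i + group] for i in range(0, len(h), group))

def compare(body: bytes):
    """Return (hash, bits, hex chars, generic collision bits, text) per hash."""
    rows = []
    for name in ("sha1", "sha224", "sha3_224"):
        fp = fingerprint(body, name)
        bits = len(fp) * 8
        # bits // 2 is the generic birthday bound; it ignores any
        # hash-specific attack that lowers the real figure.
        rows.append((name, bits, len(fp.hex()), bits // 2, display(fp)))
    return rows

# Constructed sample key material (not a real key): a 1024-bit odd number.
SAMPLE_N = int.from_bytes(hashlib.sha256(b"constructed").digest() * 4, "big") | (1 << 1023) | 1
SAMPLE_BODY = rsa_key_body(1356000000, SAMPLE_N, 65537)

if __name__ == "__main__":
    for name, bits, chars, coll, text in compare(SAMPLE_BODY):
        print(f"{name:9} {bits:3} bits  {chars} hex chars  ~2^{coll} collision work")
        print(f"          {text}")
```

A 224-bit fingerprint is 56 hex characters against SHA-1's 40, which is the business-card trade-off the message weighs against the higher generic collision bound.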
