Weaknesses in SHA-1

Simon Josefsson jas at extundo.com
Mon Sep 27 21:33:29 CEST 2004


David Shaw <dshaw at jabberwocky.com> writes:

> On Mon, Sep 27, 2004 at 01:56:25PM +0200, Johan Wevers wrote:
>> Alan S. Jones wrote:
>> 
>> >Why not allow for full support of SHA384 and SHA512 and not just read-only
>> >support in GnuPG 1.4?
>> 
>> And not to forget Tiger192. Why remove support for it in the light of these
>> developments?
>
> Why would you use Tiger192 when SHA256 is available?  I imagine SHA256
> is getting a lot more attention by people trying to break it than
> Tiger192 is.

I don't have an opinion personally, but there's always the argument
that if SHA256 is getting a lot of attention, you could end up in the
situation where SHA256 has been broken, but Tiger192 hasn't.
Read-only support could be a useful for a safety fallback mechanism.
The problem is when people start to use Tiger192 without good
reasons...




More information about the Gnupg-users mailing list