Weaknesses in SHA-1

David Shaw dshaw at jabberwocky.com
Mon Sep 27 22:07:00 CEST 2004

On Mon, Sep 27, 2004 at 09:33:29PM +0200, Simon Josefsson wrote:
> David Shaw <dshaw at jabberwocky.com> writes:
> > On Mon, Sep 27, 2004 at 01:56:25PM +0200, Johan Wevers wrote:
> >> Alan S. Jones wrote:
> >> 
> >> >Why not allow for full support of SHA384 and SHA512 and not just read-only
> >> >support in GnuPG 1.4?
> >> 
> >> And not to forget Tiger192. Why remove support for it in the light of these
> >> developments?
> >
> > Why would you use Tiger192 when SHA256 is available?  I imagine SHA256
> > is getting a lot more attention by people trying to break it than
> > Tiger192 is.
> I don't have an opinion personally, but there's always the argument
> that if SHA256 is getting a lot of attention, you could end up in the
> situation where SHA256 has been broken, but Tiger192 hasn't.
> Read-only support could be a useful for a safety fallback mechanism.
> The problem is when people start to use Tiger192 without good
> reasons...

I think history shows that any uncommon algorithm is going to be used
simply because it's there...


More information about the Gnupg-users mailing list