Weaknesses in SHA-1

David Shaw dshaw at jabberwocky.com
Mon Sep 27 23:01:18 CEST 2004


On Mon, Sep 27, 2004 at 12:19:13PM -0700, vedaal at hush.com wrote:
> David Shaw dshaw at jabberwocky.com 
> Mon Sep 27 16:49:30 CEST 2004 wrote:
> 
> ] Why would you use Tiger192 when SHA256 is available?  
> ] I imagine SHA256 is getting a lot more attention by people 
> ] trying to break it than Tiger192 is.
> 
> 
> to be able to use it with dh/dsa
> 
> tiger is available as tiger 160
> and is independent of md 'x', sha, and ripemd in design,

Tiger does not have a 160 bit variant.  You can truncate the 192 bits
to 160, but it's the same algorithm (somewhat similar to SHA256 and
SHA224).

> if it 'was' already accepted in open-pgp,
> without any 'deprecation' remarks,
> 
> then it should be able to be considered secure,

This does not follow.  Just because someone includes an algorithm in
the OpenPGP specification does not in any way mean that algorithm can
be considered secure.  All it means is that enough people wanted to
use the algorithm so it was assigned an algorithm number.

David


