Entropy + SHA1

agwn at libero.it agwn at libero.it
Sun Mar 27 16:54:57 CEST 2005


I've read an old post (April 2000?) where Werner Koch said he didn't
like the choice of Twofish with a key length of 256 bits for different
reasons:
-128 bits would suffice
-nobody uses a passphrase with the same order of magnitude of entropy
to protect the secret key
-a 256-bit key length is a risk for the precious bits in the entropy pool
I'm particularly interested in the third issue. Today the default
symmetric algo in gpg is AES256, I don't like AES, and Twofish is
out (not in the OpenPGP standard, isn't it?), but the key length issue
remains.
Is there any way to know the amount of entropy in the pool, available
through /dev/random (Linux kernel 2.4)?

The second question, maybe already discussed, regards the recent
attack on SHA1; I don't know how successful it is since I read only a
preliminary paper containing some collisions without the mathematics
behind them.
DSA requires a 160 bit hash, but it seems that only SHA1 is allowed.
Is there any future plan to replace SHA1 with RIPEMD160?

	Agwn
--
OpenPGP public key available through keyservers, ID: 0x0642A90B
Key fingerprint: 6C25 677F E058 D2A6 8759 9BD5 7658 4B23 0642 A90B
Always check key fingerprints!
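Added example (not part of the post above, and not GnuPG code): a small script that answers the entropy question by reading the Linux kernel's own counters, /proc/sys/kernel/random/entropy_avail (bits currently credited to the pool) and /proc/sys/kernel/random/poolsize, and then works through the first two of Werner's three points: how many random session keys of a given length the pool can hand out before a blocking /dev/random read stalls, and a crude upper bound on how much entropy a passphrase actually carries compared with the cipher's key length. The /proc paths are real; the function names are this example's own, and the passphrase estimate is an optimistic bound (it assumes every character is drawn uniformly from the inferred character set), not a measurement. Note that poolsize has changed units and value across kernel versions, so compare entropy_avail against your key length rather than against poolsize.

```python
import math
import string

# Real kernel interfaces (Linux 2.4 and later); sysctl kernel.random.* exposes the same values.
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"
POOLSIZE = "/proc/sys/kernel/random/poolsize"


def parse_counter(text):
    """Parse the single decimal number the kernel writes to these /proc files."""
    return int(text.strip())


def read_counter(path):
    with open(path) as f:
        return parse_counter(f.read())


def entropy_avail(path=ENTROPY_AVAIL):
    """Bits of entropy the kernel currently credits to its pool."""
    return read_counter(path)


def would_block(bits_requested, avail_bits):
    """True if reading bits_requested bits from the classic blocking /dev/random
    would stall, given avail_bits currently in the pool."""
    return bits_requested > avail_bits


def session_keys_available(avail_bits, key_bits):
    """Werner's third point: how many fresh random session keys of key_bits
    bits the pool can supply before /dev/random blocks (ignores refills)."""
    return avail_bits // key_bits


def passphrase_entropy_bits(passphrase):
    """Optimistic upper bound on passphrase entropy: len * log2(charset_size),
    with the charset inferred from the character classes present.
    Real human passphrases carry far less than this."""
    classes = (
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, len(string.punctuation)),  # 32 characters
    )
    charset = sum(size for chars, size in classes if any(c in chars for c in passphrase))
    if charset == 0:
        return 0.0
    return len(passphrase) * math.log2(charset)


def effective_key_bits(cipher_key_bits, passphrase):
    """Werner's second point: a cipher key protected by a passphrase is only as
    strong as the passphrase, so the useful key length is capped by its entropy."""
    return min(cipher_key_bits, passphrase_entropy_bits(passphrase))


if __name__ == "__main__":
    avail = entropy_avail()
    print("entropy_avail: %d bits, poolsize: %d" % (avail, read_counter(POOLSIZE)))
    for key_bits in (128, 256):
        print("%d-bit session keys before /dev/random blocks: %d (blocks now: %s)"
              % (key_bits, session_keys_available(avail, key_bits),
                 would_block(key_bits, avail)))
    # Constructed sample passphrase, used only to illustrate the estimate.
    sample = "Passw0rd!"
    print("'%s' bounds a 256-bit key at about %.1f effective bits"
          % (sample, effective_key_bits(256, sample)))
```

Run it as root or any user (the /proc files are world-readable) and watch entropy_avail drop as gpg generates keys; the script does not consume any entropy itself.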







