Question about history of hash and cipher collections

Robert J. Hansen rjh at
Tue Jan 15 05:32:36 CET 2008

Kevin Hilton wrote:
> I can see NIST is calling for entries for a competition to discover a
> new hash function:

Yeah, it's been underway for a while now.  It's been known for years
that the SHA-3 competition was going to happen; now it's actually started.

> No doubt the winner of this consult will eventually be added to the
> gpg standard.

My take on the IETF OpenPGP working group is that a lot of people have
some serious concerns that RFC2440 and RFC4880 include /way/ too many
algorithms.  While I imagine there is a broad desire among WG
participants to see SHA-3 added, I think some hash algorithms may have
to be dropped.  The way I read the tea leaves, we should expect to see
some tumult in the list of algorithms.

Pretty much everyone agrees that we have too many algorithms.  Hardly 
anyone can agree on which algorithms should be dropped.  Even TIGER192 
(a remarkably useless addition which was mercifully axed from the RFC 
shortly after introduction) has partisans who think its exclusion is 
unfair and that it should be reinstated.

If you have strong feelings on this issue, the right place to bring them
up is on the IETF OpenPGP working group mailing list.

More information about the Gnupg-users mailing list