Opinions on RIPEMD vs SHA?

David Shaw dshaw at jabberwocky.com
Wed Jul 8 21:16:11 CEST 2009

On Jul 8, 2009, at 12:56 PM, Brian Mearns wrote:

> I'm considering making my default hash RIPEMD160: does anyone have any
> opinions on how this compares to SHA-2 algorithms in terms of both
> security and availability? I like the idea that RIPEMD was developed
> in an academic community instead of the NSA, but if there are genuine
> benefits to using SHA, I have no problem looking past this bit of
> romanticism. I'm especially curious if RIPEMD160 is commonly available
> in popular PGP clients.

RIPEMD160 is nearly universally supported in popular PGP clients.   
It's been around for a long time.

That said, you can't compare it to SHA-2.  I believe your academia/NSA  
comparison is invalid (it's really just romanticism), but I'm not even  
going to bother to restart the common algorithm/peer review/more  
attacks/etc discussion that we've had a zillion times on this list,  
and instead jump right to the easy reason:  RIPEMD160 is 160 bits  
long.  SHA-2 is (at minimum) 224 bits long, and can go up to 512 bits  

224 > 160.

512 is very > 160.

Unless you think SHA-2 is actually weaker than RIPEMD160 somehow, why  
would you not use it?


More information about the Gnupg-users mailing list