Opinions on RIPEMD vs SHA?

Brian Mearns bmearns at ieee.org
Wed Jul 8 22:20:53 CEST 2009

On Wed, Jul 8, 2009 at 3:33 PM, Werner Koch<wk at gnupg.org> wrote:
> On Wed,  8 Jul 2009 18:56, bmearns at ieee.org said:
>> I'm considering making my default hash RIPEMD160: does anyone have any
>> opinions on how this compares to SHA-2 algorithms in terms of both
> Don't do that.  RIPEMD160 is a pure European algorithm and by design not
> different than SHA-1; like most hash algorithms it is based on the same
> principles as MD4 is.  There is no reason to believe that RIPEMD-160 is
> stronger than the SHA-1.
> If you want to do business with European governments you need to support
> RIPEMD-160 - well at least until last year.  Since this year, SHA-256 is
> a requirement for most purposes.
>> security and availability? I like the idea that RIPEMD was developed
>> in an academic community instead of the NSA, but if there are genuine
> Well, if you look at the prominent people from that community you will
> notice strong links to the country's respective TLAs.
>> romanticism. I'm especially curious if RIPEMD160 is commonly available
>> in popular PGP clients.
> GnuPG might be the only OpenPGP implementation to support it.
> Salam-Shalom,
>   Werner
> --
> Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

Thank you both for your input. I'll stick with SHA.


Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net

More information about the Gnupg-users mailing list