Opinions on RIPEMD vs SHA?
Robert J. Hansen
rjh at sixdemonbag.org
Thu Jul 9 04:41:22 CEST 2009
> I'm considering making my default hash RIPEMD160: does anyone have any
> opinions on how this compares to SHA-2 algorithms in terms of both
> security and availability?
The new SHAs have the benefit of about a dozen years of cryptanalytic
research behind them. RIPEMD160 is very similar to SHA-1, and the
recent attacks against SHA-1 are likely applicable to RIPEMD160.
Those same attacks do not apply against the newer SHAs.
> I have no problem looking past this bit of romanticism.
"Romanticism" is exactly the right word to use.
> I'm especially curious if RIPEMD160 is commonly available
> in popular PGP clients.
Yes. It's been in PGP since 6.5.8, and in GnuPG since 1.0. (Probably
since long before 1.0, but since 1.0 was the first official release,
that's where I trace things back to.)
More information about the Gnupg-users