Some SHA-2 news

Lists.gnupg at Lists.gnupg at
Sun Feb 20 23:06:01 CET 2011

On Sun, Feb 20, 2011 at 07:19:15AM -0500 Also sprach Jerry:
> On Sat, 19 Feb 2011 14:55:14 -0500
> Robert J. Hansen <rjh at> articulated:
> > On 2/19/11 9:53 AM, Lists.gnupg at wrote:
> > > Think we'll see this included one day in OpenPGP, or will we just
> > > skip to SHA-3 when it's ready?
> > 
> > Usually, algorithms are added due to existing users with a strong need
> > -- e.g., CAMELLIA came about because users in the Pacific Rim needed
> > it.
> > 
> > I'm unaware of anyone saying, "the SHA-2s are great, but they're too
> > slow on 64-bit processors."  And until there is, the odds of OpenPGP
> > adoption are practically nil, IMO.
> Out of simple morbid curiosity, other than the time and effort needed
> to adopt the code, is there any downside to this venture?

I can't really see much downside, except, as has been noted, a possible
lack of demand. I don't believe security is affected one way or the
other. It's just a matter of a slight performance improvement on certain
hardware. With SHA-3 so close on the horizon, though, I find it doubtful
that a minor re-working of SHA-2 would gather much adoption.

It somewhat surprises me, even, that NIST bothered with it. I suppose
someone, somewhere, must be saying "the SHA-2s are great, but they're
too slow..."  or why would anyone have put the work in to extend the
standard, as has been done? I think understanding this was the
motivation for my original post.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 719 bytes
Desc: not available
URL: </pipermail/attachments/20110220/5d12fa55/attachment.pgp>

More information about the Gnupg-users mailing list