ed25519 and sha256
Robert J. Hansen
rjh at sixdemonbag.org
Wed Sep 25 22:35:50 CEST 2019
> According to Wikipedia "Ed25519 is the EdDSA signature scheme using
> SHA-512 and Curve25519”. Granted, I have sha256 in my preferences,
> but the standard should override that, correct?
Wikipedia is not a very good reference for low-level technical details.
Ed25519 is shorthand for "EdDSA on a specific curve": it is silent on
the subject of hash algorithms, although you can specify one as
"Ed25519-SHA-512" or what-have-you.
Many other applications, such as DNSSEC, call for SHA-256 to be used
with Ed25519.
>From the original paper defining Ed25519:
"Our recommended curve for EdDSA is a twisted Edwards curve birationally
equivalent to the curve Curve25519 from [12]. ... We use the name
Ed25519 for EdDSA with this particular choice of curve.
Specifically, Ed25519-SHA-512 is EdDSA with ... SHA-512."
https://ed25519.cr.yp.to/ed25519-20110926.pdf
More information about the Gnupg-users
mailing list