Fingerprint algorithm and SHA-1 usage [was: Re: SHA3 IANA registration - method?]

Andrey Jivsov openpgp at brainhub.org
Tue Dec 18 21:01:32 CET 2012


On 12/18/2012 11:52 AM, Christian Aistleitner wrote:
> Hi Andrey,
>
> On Mon, Dec 17, 2012 at 02:16:21PM -0800, Andrey Jivsov wrote:
>> On 12/15/2012 06:03 AM, Christian Aistleitner wrote:
>>> [3] Shameless plug: You can for example allow others to avoid SHA-1 at
>>> key-signing parties, by adding additional (non-standard) SHA-512
>>> fingerprints to your paper slips:
>>>     http://openpgp.quelltextlich.at/slip.html?key=8421F11C&format=pdf&variant=SHA512,A4R,sparse
>>> as described here
>>>     http://openpgp.quelltextlich.at/slip.html?query=0x8421F11C#faq-additional-digests
>>
>> If I understand your proposal correctly, you are changing the hardwired
>> SHA-1 fingerprint to SHA-512 without metadata/agility.
>
> And I am not suggesting to trade hardwired SHA-1 for hardwired
> SHA-512. I'd be against doing this.
>
> Best regards,
> Christian
>
>
> P.S.: The paper slips generated by above's service do contain metadata:
> The additional SHA-512 part contains a link to the patch on how to
> verify the non-standard fingerprint.
>
> Those non-standard SHA-512 fingerprints serve two purposes:
> * It allows SHA-1 averse people to participate in current key-signing
>    parties.
> * It shows people what checking a SHA-512 hash may amount to. Thereby
>    it invites for discussions about fingerprints and concepts on how to
>    exchange keys. And --- *surprise* :-) --- it seems hexadecimal
>    encoded 512-bit hashes are beyond what most people want to compare
>    by hand. But additionally putting a 2D Barcode encoded hash on the
>    slip may do the trick.

One things that stands out here: I would consider truncating the SHA-512 
hash output used as fingerprint to 160 bits or a bit more. 80 bit of 
security seems OK for the fingerprinting. We have a problem with SHA-1, 
not the 160 bit output.




More information about the Gnupg-devel mailing list