[17110] in cryptography@c2.net mail archive


Re: how to phase in new hash algorithms?

daemon@ATHENA.MIT.EDU (Joseph Ashwood)
Mon Mar 21 13:52:15 2005

X-Original-To: cryptography@metzdowd.com
From: "Joseph Ashwood" <ashwood@msn.com>
To: <cryptography@metzdowd.com>
Date: Sun, 20 Mar 2005 22:08:09 -0800

----- Original Message ----- 
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
Subject: how to phase in new hash algorithms?


> We all understand the need to move to better hash algorithms than SHA1.
> At a minimum, people should be switching to SHA256/384/512; arguably,
> Whirlpool is the right way to go.  The problem is how to get there from
> here.
...
> So -- what should we as a community be doing now?  There's no emergency
> on SHA1, but we do need to start, and soon.

Phase 1 is to change the hash function choice from implicit to explicit. 
Specifically, instead of having hash = "457253W4568MM48AWA2346", move to hash 
= "SHA-1:lq23rbp8yaw4tilutqtipyu.".

Then over time ratchet down the default.

There is also an easy argument that it may be beneficial to skip SHA-256 
entirely. The argument put succinctly is:
64-bit computing is arriving.
On 64-bit systems SHA-512 is nearly twice as fast as SHA-256 (crypto++ 
benchmarks).
SHA-512 is at least as strong, and faster.
                Joe 


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
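
An added illustration of the two steps the reply describes, explicit algorithm tags and then ratcheting down what is accepted; it is not code from the post or from any project discussed on the list. The `ALG:base64digest` encoding, the strength ranking, and the choice to treat untagged values as SHA-1 are assumptions made for the example.

```python
import base64
import hashlib
import hmac

# Assumed policy table (not from the post): tag -> (hashlib name, strength rank).
ALGORITHMS = {"SHA-1": ("sha1", 1), "SHA-256": ("sha256", 2), "SHA-512": ("sha512", 3)}
LEGACY_TAG = "SHA-1"  # assumption: untagged values predate phase 1 and are SHA-1


def make_tagged(data: bytes, tag: str = "SHA-512") -> str:
    """Produce an explicit 'ALG:base64digest' value using the current default."""
    digest = hashlib.new(ALGORITHMS[tag][0], data).digest()
    return f"{tag}:{base64.b64encode(digest).decode()}"


def parse_tagged(value: str) -> tuple[str, bytes]:
    """Split a stored value into (tag, digest); untagged values are legacy."""
    tag, sep, encoded = value.partition(":")
    if not sep:
        tag, encoded = LEGACY_TAG, value
    if tag not in ALGORITHMS:
        raise ValueError(f"unknown hash algorithm tag: {tag!r}")
    digest = base64.b64decode(encoded, validate=True)
    # A digest whose length does not fit its tag is malformed or mislabelled.
    if len(digest) != hashlib.new(ALGORITHMS[tag][0]).digest_size:
        raise ValueError("digest length does not match the tagged algorithm")
    return tag, digest


def verify(data: bytes, value: str, minimum: str = "SHA-1") -> bool:
    """Check data against a tagged hash, rejecting tags below the minimum."""
    tag, expected = parse_tagged(value)
    if ALGORITHMS[tag][1] < ALGORITHMS[minimum][1]:
        return False  # ratchet: this algorithm is no longer accepted
    actual = hashlib.new(ALGORITHMS[tag][0], data).digest()
    return hmac.compare_digest(actual, expected)
```

Raising `minimum` retires an algorithm for verification without touching stored values, and changing the default in `make_tagged` moves new values forward independently.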
