Qed wrote: > Suppose you need a 160 bit digest. > You can choose RIPEMD160/SHA1 or a truncated version of a bigger one > (e.g.: SHA2 family). > Which solution would be safer? > Is a digest algo designed for a given length stronger than a truncated > longer one? >
Since you're asking about 160-bit hashes on the GnuPG mailing list, I'll
assume that you're asking about using the "DSA2" option to use truncated
hashes with DSA keys that have q=160.
Now, I could be completely wrong, but "common sense" seems to suggest
that there's no reason why it's any safer; in fact, you may be worse off.
The reasoning for this answer is as follows: since DSA OpenPGP keys
don't have a hash function firewall, it just gives an attacker more
oppurtunities to find a hash collision; instead of having to pick from
SHA1 and RIPEMD160 as the hash algorithms to pick a colliding message
digest from, they can now add the SHA2 family of algorithms to their
choices; plus, instead of having to collide 160/160 bits, they now only
have to collide 160/{224,256,384,512} bits.
Again, I could be completely wrong, but that's what "common sense" seems
to suggest.
> I googled, but I found only
> http://www.schneier.com/blog/archives/2005/10/nist_hash_works_3.html
> I know that sci.crypt would be a better place to ask this question, but
> I don't like it.
You could also ask at PGP-Basics :)
--
Alphax
Death to all fanatics!
Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
