On Wed, 2022-10-12 at 11:00 -0400, Viktor Dukhovni wrote:
> On Wed, Oct 12, 2022 at 03:35:19PM +0200, Richard Levitte wrote:
>
> > Topic: Provider selection and handling for SHA1 and RIPEMD160
> > should be identical given the current understanding of algorithm
> > specific security issues.
>
> Shouldn't real-world usage be taken into account? SHA1 is widely used,
> and even has important use-cases that aren't going away and where
> collision resistance is not a major concern, e.g. NSEC3 in DNSSEC
> where it is used for light obfuscation, not cryptographic signing.
>
> I am not aware of any extant protocols that rely on RIPEMD160. I think
> that strictly looking at security margins is misguided, real world
> usage needs to inform any such decision, and users should be able to
> easily keep SHA1 without bringing RIPEMD160 along for the ride.

There is one widespread "protocol" relying on RIPEMD160 - Bitcoin.

--
Tomáš Mráz, OpenSSL