On Wed, Aug 02, 2006 at 12:13:49PM -0400, David Shaw wrote: > On Sat, Jul 29, 2006 at 07:26:18PM +0930, Alphax wrote: > > Qed wrote: > > > Suppose you need a 160 bit digest. > > > You can choose RIPEMD160/SHA1 or a truncated version of a bigger one > > > (e.g.: SHA2 family). > > > Which solution would be safer? > > > Is a digest algo designed for a given length stronger than a truncated > > > longer one? > > > > > > > Since you're asking about 160-bit hashes on the GnuPG mailing list, I'll > > assume that you're asking about using the "DSA2" option to use truncated > > hashes with DSA keys that have q=160. > > > > Now, I could be completely wrong, but "common sense" seems to suggest > > that there's no reason why it's any safer; in fact, you may be worse off. > > Note, though, that NIST explicitly allows (i.e. requires) hash > truncation in the new DSA spec. At least in the context of DSA, the > official answer is that either a full SHA1 or a truncated SHA256 is > roughly of the same safety.
Er, sorry. That should be "either a truncated SHA256 or a truncated SHA512 is roughly of the same safety". David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
