Kevin Hilton wrote:

> I've often wondered about the consequences of such an action -- whether
> this makes the chance of a collision higher or equal in comparing the
> SHA512 modified hash product to the SHA256 hash product. Perhaps
> someone could elaborate on this.

Theoretically? None. Practically? None yet. If/when the longer SHAs are
subjected to cryptanalytic attack, "none yet" will change to "expected
soon" before becoming "switch to WHIRLPOOL."

> Of course with RSA keys, no such limitation is in place. Just an
> FYI.

Well, not technically, no, but there's no point in using SHA512 with an
RSA key. According to NIST, a 4kbit RSA key is roughly equivalent in
brute force resistance to a 168-bit symmetric key. The rule of thumb
with hashes is to use twice as many bits as there are in your symmetric
key, so a 4096-bit RSA key only needs SHA384. Past that you're just
putting lipstick on the pig.

(To say nothing of 4kbit keys in and of themselves, which strike me as
being more technofetishism than a measured response to the current
state of the art in cryptanalysis. But ignore me or else I'll start
ranting again...)

> (And just another summary, the battle between RSA vs DSA signing keys
> has been waged many times prior on this mailing list -- Google for
> it if you don't believe me -- and to summarize the conclusions of
> many on this list -- there is no functional advantage of using one
> over the other).

I can count on my fingers the number of people I would trust to make
any kind of authoritative statements re: DSA versus RSA. None of them
are on this list. Discussing relative strengths and weaknesses of the
two is a spectacularly black art, and unless your name is Adi Shamir or
Taher Elgamal you probably don't know as much as you think you do. I am
_definitely_ included in the ranks of the people who don't know as much
as they think they do when it comes to this. They are both far, far
stronger than people need them to be; that's all I feel comfortable
stating.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
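The "RSA modulus size to symmetric bits to hash size" reasoning in the reply above can be made concrete. The following is an added example, not code from the mailing list or from GnuPG: it estimates the symmetric-equivalent strength of an RSA modulus with the general number field sieve cost formula that NIST's FIPS 140-2 Implementation Guidance (IG 7.5) uses, then applies the "hash output must be twice the symmetric strength" rule (collision resistance of an n-bit hash is about n/2 bits by the birthday bound) to pick the smallest SHA-2 digest that is not the weak link. Different estimates give somewhat different numbers; this one puts a 4096-bit modulus at roughly 150 bits, which still lands on SHA-384 under the doubling rule. Note that the raw formula gives about 132 bits for 3072-bit RSA, where NIST's SP 800-57 tables round to the 128-bit level and pair it with SHA-256; the code below takes the conservative reading and picks SHA-384 there. The function names and the `SHA2_DIGESTS` table are my own choices for the example.

```python
import math

# Added example (not from the mailing list or GnuPG): estimate RSA strength
# with the GNFS heuristic used in NIST FIPS 140-2 IG 7.5, then size the
# signature hash with the "twice the symmetric strength" collision rule.

# SHA-2 output sizes in bits, smallest first. Assumption for this example:
# these are the only digests on offer (GnuPG also supports SHA-1 and others).
SHA2_DIGESTS = (224, 256, 384, 512)


def rsa_strength_bits(modulus_bits: int) -> float:
    """Approximate symmetric-equivalent security of an RSA modulus of the
    given size, in bits.

    Cost of factoring n with the general number field sieve is roughly
    exp(1.923 * (ln n)^(1/3) * (ln ln n)^(2/3)); NIST's IG 7.5 subtracts a
    calibration constant of 4.69 and divides by ln 2 to express it in bits.
    """
    if modulus_bits < 512:
        raise ValueError("GNFS estimate is only meaningful for realistic moduli")
    ln_n = modulus_bits * math.log(2)                     # ln(2^k) = k * ln 2
    work = 1.923 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) - 4.69
    return work / math.log(2)                             # natural-log work -> bits


def hash_bits_needed(security_bits: float) -> int:
    """Collision resistance of an n-bit hash is about n/2 (birthday bound),
    so a signature hash needs at least 2x the target security level."""
    return math.ceil(2 * security_bits)


def recommend_sha2(modulus_bits: int) -> str:
    """Smallest SHA-2 member whose output meets the doubling rule for the
    given RSA modulus; a larger digest adds nothing the key cannot match."""
    needed = hash_bits_needed(rsa_strength_bits(modulus_bits))
    for digest in SHA2_DIGESTS:
        if digest >= needed:
            return f"SHA-{digest}"
    # Past SHA-512 the hash, not the modulus, becomes the limiting factor.
    return "SHA-512"


if __name__ == "__main__":
    for k in (1024, 2048, 3072, 4096, 7680, 15360):
        strength = rsa_strength_bits(k)
        print(f"RSA-{k:<5d} ~ {strength:6.1f}-bit symmetric "
              f"-> hash >= {hash_bits_needed(strength):3d} bits -> {recommend_sha2(k)}")
```

Running the script prints one line per modulus size; the values line up with the familiar NIST ladder (1024 at about 80 bits, 2048 at about 110, 15360 at about 260), and the 4096-bit row shows why the reply settles on SHA-384 rather than SHA-512 for such a key.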