On 7/11/2012 11:51 AM, Werner Koch wrote:
> But only because RIPEMD160 does not get as much attention as SHA-1.
True, but I'm not certain I believe SHA256 is much better.
Let's look over the history of Merkle-Damgård hashes:
MD2 (broken 1997, preimages 2004)
MD4 (broken 1991, preimages 2008, can generate collisions with
pen and paper!)
MD5 (broken 1996, preimages 2012 presumably, based on public
reports about Flame)
SHA-0 (broken 1998, no preimages)
SHA-1 (broken 2005, no preimages)
RIPEMD (broken ... uh ... when?)
SHA256 (unbroken)
RIPEMD-160 (unbroken)
History has not been kind to the Merkle-Damgård construction. The fact
OpenPGP only contains Merkle-Damgårds has always bothered me: I'd feel
much better if WHIRLPOOL had been standardized and included in the list.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
