On Fri, Feb 24, 2017 at 02:43:13PM +0000, Peter Palfrader wrote:
> On Fri, 24 Feb 2017, Wouter Verhelst wrote:
>
> > > or RIPE-MD/160 algorithms.
> >
> > Uhh? AFAIK, RIPEMD160 is not compromised at all, not even in a
> > theoretical attack. Why was this part of the decision taken?
> >
> > (there is a theoretical attack against RIPEMD, but that is not the same
> > thing as RIPEMD160)
>
> It's just as short as SHA1. There appears to be little reason to use a
> digest this short in 2017.

This is a total side-track, but it's not the *length* that mattered in
breaking SHA1. The weakness was in a prefix attack; the brute force
attack on SHA1 is still out of reach. This was the *algorithm* being
weak, not the length of the hash, in this case.

Also, just use blake2.

Cheers,
Paul