On 03/25/2010 11:27 AM, Werner Koch wrote:
> Well, it matches the original specs and the published test vectors.  If
> you look at the tiger home page, you will find the test vectors we use.

interesting.  i didn't find that when i did my original searching.
could you point me to the URL?

> Back in 1998, when I wrote the code, there was no note on how the hashes
> are to be printed (i.e. how to convert the 64 bit words into a bit
> string).  Thus I came up with the way it is now.  Tiger has been used by
> gpg versions up to 1.3.2 and I heard that some people are still patching
> gpg to use it.  Obviously the version in Libgcrypt is the one used by
> gpg.  We can't change it without risking to break existing code.

yeah :(  That was sort of why i was thinking that an explicit disable
sends a clearer message to users, instead of just changing it silently.
but that's still kind of a rough thing for users. :(

> What we can do is to implement the now correct version of tiger192 as a
> different algorithm.  I think it might also be okay to drop the OID from
> the current implementation because that one is definitely false.  Moritz
> obviously didn't compare the test vectors with those on the tiger home
> page after we assigned an OID for Tiger from the GNU pool to Ross.

I don't know who or what Ross is, or how it fits into this discussion,
sorry.

> There is still the question, who wants to use Tiger192, given that there
> are proven algos out and that SHA-3 is not that far away.

i agree that it seems like an odd choice for today, which is why i
wonder how much time it's worth spending on it :/  Disabling the digest
by default would certainly be the quickest way to find out who really
needs it, though it could get ugly.

        --dkg
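
The ambiguity discussed in this thread, how the three 64-bit Tiger result words are turned into a 24-byte string, shown as an added example (not code from Libgcrypt or from either poster). It assumes the two print orders differ only in the byte order within each word; the function names are hypothetical, and the empty-string value is the widely published Tiger test value, not one quoted in this message.

```python
import hmac
import struct

# Tiger("") as three 64-bit result words, the way word-oriented test
# vectors print it (widely published value, not taken from this thread).
EMPTY_WORDS = (0x24F0130C63AC9332, 0x16166E76B1BB925F, 0xF373DE2D49584E7A)

def serialize(words, order):
    """Turn the three result words into a 24-byte digest.

    order="legacy":   most significant byte of each word first
    order="standard": least significant byte of each word first
    """
    if len(words) != 3:
        raise ValueError("Tiger/192 has exactly three 64-bit result words")
    fmt = {"legacy": ">3Q", "standard": "<3Q"}[order]
    return struct.pack(fmt, *words)

def swap_print_order(digest):
    """Convert a 24-byte digest from one print order to the other."""
    if len(digest) != 24:
        raise ValueError("expected a 24-byte Tiger/192 digest")
    return b"".join(digest[i:i + 8][::-1] for i in range(0, 24, 8))

def compare(digest_a, digest_b):
    """Say how two digests of supposedly the same data relate.

    Returns "same", "swapped" (equal once one side is converted to the
    other print order) or "different" (the data really differs).
    """
    if hmac.compare_digest(digest_a, digest_b):
        return "same"
    if hmac.compare_digest(digest_a, swap_print_order(digest_b)):
        return "swapped"
    return "different"

if __name__ == "__main__":
    legacy = serialize(EMPTY_WORDS, "legacy")
    standard = serialize(EMPTY_WORDS, "standard")
    print("legacy  :", legacy.hex())
    print("standard:", standard.hex())
    print("relation:", compare(legacy, standard))
```

A "swapped" result when comparing digests from two tools points to a print-order mismatch rather than modified data, which is the interoperability problem a silent change would cause.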
