On 03/25/2010 11:27 AM, Werner Koch wrote: > Well, it matches the original specs and the published test vectors. If > you look at the tiger home page, you will find the test vectors we use.
interesting. i didn't find that when i did my original searching. could you point me to the URL? > Back in 1998, when I wrote the code, there was no note on how the hashes > are to be printed (i.e. how to convert the 64 bit words into a bit > string). Thus I came up with the way it is now. Tiger has been used by > gpg versions up to 1.3.2 and I heard that some people are still patching > gpg to use it. Obviously the version in Libgcrypt is the one used by > gpg. We can't change it without risking to break existing code. yeah :( That was sort of why i was thinking that an explicit disable sends a clearer message to users, instead of just changing it silently. but that's still kind of a rough thing for users. :( > What we can do is to implement the now correct version of tiger192 as a > different algorithm. I think it might also be okay to drop the OID from > the current implementation because that one is definitely false. Moritz > obvioulsy didn't compared the test vectors with those on the tiger home > page after we assigned an OID for Tiger from the GNU pool to Ross. I don't know who or what Ross is, or how it fits into this discussion, sorry. > There is still the question, who wants to use Tiger192, given that there > are proven algos out and that SHA-3 is not that far away. i agree that it seems like an odd choice for today, which is why i wonder how much time it's worth spending on it :/ Disabling the digest by default would certainly be the quickest way to find out who really needs it, though it could get ugly. --dkg
signature.asc
Description: OpenPGP digital signature