-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > > > SHA is, I think, the current gold standard > > SHA1 is *very* much the same as MD5 - the only thing that it gives us is a > bigger key-space. Which thinking about it might well be reason enough to use > it. > As a side note the first version of SHA was 'corrected' by the NSA. Not true. And you're deliberately trying to cast doubt on it by that last (cough) comment. SHA1 uses an expand transformation that starts the avalanch effect much earlier than in MD5. Also the output of each step is used as input into the next, which also makes each bit more relavant to the entire hash. A bigger key space is also a big deal. It makes brute force attacks much more difficult. The NSA added a left circular shift of one bit. I happen to agree with the decision, as it should make correlation effects less likely as the data passes through each round.
> I would currently suggest DSA for public-key crypto because of patent issues. > It's slow than RSA. The RSA patent expires (in the US) on 20th Sep 2000. I > don't know about other countries. Then there are the eliptic-curve > cryptosystems > but I think that they are too new to trust (but they are doing well). I agree here, assuming we use pubkey algorithms in the server. More likely though, we will be using it only perhaps for key exchange of session keys. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5AKTfpXyM95IyRhURAtAiAJ9w4CR+xlhDzDj/kmgXkb9eahefWgCbBua5 xz6oTi4rpjsXz6b650Nv5Mk= =ClyB -----END PGP SIGNATURE----- _______________________________________________ Freenet-dev mailing list Freenet-dev at lists.sourceforge.net http://lists.sourceforge.net/mailman/listinfo/freenet-dev
