Bug#575038: libgcrypt11: tiger192 message digest does not agree with other implementations
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Mar 25 17:56:54 UTC 2010
On 03/25/2010 11:27 AM, Werner Koch wrote:
> Well, it matches the original specs and the published test vectors. If
> you look at the tiger home page, you will find the test vectors we use.
interesting. i didn't find that when i did my original searching.
could you point me to the URL?
> Back in 1998, when I wrote the code, there was no note on how the hashes
> are to be printed (i.e. how to convert the 64 bit words into a bit
> string). Thus I came up with the way it is now. Tiger has been used by
> gpg versions up to 1.3.2 and I heard that some people are still patching
> gpg to use it. Obviously the version in Libgcrypt is the one used by
> gpg. We can't change it without risking to break existing code.
yeah :( That was sort of why i was thinking that an explicit disable
sends a clearer message to users, instead of just changing it silently.
but that's still kind of a rough thing for users. :(
> What we can do is to implement the now correct version of tiger192 as a
> different algorithm. I think it might also be okay to drop the OID from
> the current implementation because that one is definitely false. Moritz
> obviously didn't compare the test vectors with those on the tiger home
> page after we assigned an OID for Tiger from the GNU pool to Ross.
I don't know who or what Ross is, or how it fits into this discussion,
sorry.
> There is still the question, who wants to use Tiger192, given that there
> are proven algos out and that SHA-3 is not that far away.
i agree that it seems like an odd choice for today, which is why i
wonder how much time it's worth spending on it :/ Disabling the digest
by default would certainly be the quickest way to find out who really
needs it, though it could get ugly.
--dkg
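
The disagreement in this thread comes down to how the three 64-bit Tiger words are turned into 24 output bytes. As an added example (not libgcrypt's code and not part of the original message), the C below serializes the words both ways and classifies two digests as identical, identical up to print order, or different; all function names are hypothetical, and the sample words are the published Tiger test vector for the empty string.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum tiger_relation { TIGER_SAME, TIGER_SAME_SWAPPED, TIGER_DIFFERENT };

/* Tiger/192 of the empty string as three 64-bit words (published test vector). */
static const uint64_t TIGER_EMPTY_WORDS[3] = {
    0x24F0130C63AC9332ULL, 0x16166E76B1BB925FULL, 0xF373DE2D49584E7AULL };

/* Serialize each word most significant byte first (the word printed as a number). */
void tiger_words_to_be(const uint64_t w[3], uint8_t out[24]) {
    for (int i = 0; i < 3; i++)
        for (int j = 0; j < 8; j++)
            out[8 * i + j] = (uint8_t)(w[i] >> (56 - 8 * j));
}

/* Serialize each word least significant byte first. */
void tiger_words_to_le(const uint64_t w[3], uint8_t out[24]) {
    for (int i = 0; i < 3; i++)
        for (int j = 0; j < 8; j++)
            out[8 * i + j] = (uint8_t)(w[i] >> (8 * j));
}

/* Switch print order: reverse the bytes inside each 8-byte lane (self-inverse). */
void tiger_swap_print_order(const uint8_t in[24], uint8_t out[24]) {
    for (int i = 0; i < 3; i++)
        for (int j = 0; j < 8; j++)
            out[8 * i + j] = in[8 * i + 7 - j];
}

/* Diagnostic comparison for interop debugging, not a constant-time MAC check. */
enum tiger_relation tiger_compare(const uint8_t a[24], const uint8_t b[24]) {
    uint8_t swapped[24];
    if (memcmp(a, b, 24) == 0)
        return TIGER_SAME;
    tiger_swap_print_order(b, swapped);
    return memcmp(a, swapped, 24) == 0 ? TIGER_SAME_SWAPPED : TIGER_DIFFERENT;
}

/* Lowercase hex into a caller-supplied 49-byte buffer; returns that buffer. */
const char *tiger_hex(const uint8_t d[24], char out[49]) {
    for (int i = 0; i < 24; i++)
        snprintf(out + 2 * i, 3, "%02x", d[i]);
    return out;
}

int main(void) {
    uint8_t be[24], le[24]; char hex[49];
    tiger_words_to_be(TIGER_EMPTY_WORDS, be);
    tiger_words_to_le(TIGER_EMPTY_WORDS, le);
    printf("big-endian words:    %s\n", tiger_hex(be, hex));
    printf("little-endian words: %s\n", tiger_hex(le, hex));
    printf("relation: %d\n", tiger_compare(be, le));
    return 0;
}
```

A result of `TIGER_SAME_SWAPPED` means both implementations computed the same hash and differ only in how the words were printed.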