Bug#575038: libgcrypt11: tiger192 message digest does not agree with other implementations

Werner Koch wk at gnupg.org
Fri Mar 26 08:35:58 UTC 2010


On Thu, 25 Mar 2010 18:56, dkg at fifthhorseman.net said:

> interesting.  i didn't find that when i did my original searching.
> could you point me to the URL?

  http://www.cs.technion.ac.il/~biham/Reports/Tiger/

> I don't know who or what Ross is, or how it fits into this discussion,
> sorry.

Ross Anderson and Adi Shamir developed Tiger.

My point is: The name and algorithm ID we use in Libgcrypt for Tiger is
more or less arbitrary and not well defined.  Thus we could keep that
even if the algorithm does not anymore reflect the actual
description.  However, the OID is a well defined description for the
algorithm and should reflect reality.

> wonder how much time it's worth spending on it :/  Disabling the digest
> by default would certainly be the quickest way to find out who really
> needs it, though it could get ugly.

Yeah, if you do that in the Debian distributed stable version.  I
propose a different strategy: We drop the OID, add a correct TIGER
implementation and as an extra benefit implement TIGER2.  This is a minor
change to the current code and in particular it doesn't increase the
size of the lib.  Regarding TIGER2 I need to talk with Ross Anderson
whether we should assign an OID to it.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.





