Re: Ed25519 Signature 2018

On 05/07/2018 02:22 PM, Mike Lodder wrote:
> So let me state that I'm still in favor of using SHA2. Keccak is an 
> awesome algorithm for SHA3 but NIST hardened it too much that it is 
> slower than SHA2. The reasons many are staying away from SHA3 are 
> speed and security. SHA2 is still considered secure so there hasn't 
> been a need for a replacement yet. Many crypto people like BLAKE2b 
> because it has similar characteristics to SHA2 but has been shown to 
> be faster without sacrificing security. The same could be done with 
> Keccak given the right settings. So for now I would vote to just use 
> the Ed25519Signature2018 with SHA2. If SHA2 is broken in the future, 
> a newer version could be made.

+1, agree on all of this.

> I don't agree that we've done something wrong if the version changes 
> in the same year. You could do everything correctly but a security
> issue arises that makes the current spec weak or broken in the same
> year you write it. Hopefully that doesn't happen but could.

Agreed, I should've been more precise. That is to say that we shouldn't
be pushing out many different variations of Ed25519Signature2018 (or any
other cryptosuite) because it raises implementation burden, creates
interoperability headaches, and confuses what the best practice is for
that year for that particular cryptosuite.

A security vulnerability is a very good reason to release a new crypto
suite ASAP... and in that case, the email that Dave Longley wrote is a
good approach to take.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches

Received on Monday, 7 May 2018 18:50:29 UTC