Bug#575038: libgcrypt11: tiger192 message digest does not agree with other implementations

Werner Koch wk at gnupg.org
Thu Mar 25 15:27:19 UTC 2010


On Mon, 22 Mar 2010 23:39, dkg at fifthhorseman.net said:
> Package: libgcrypt11
> Version: 1.4.5-2
> Severity: normal
>
> libgcrypt's tiger192 message digest implementation doesn't appear to
> match the output / test vectors used by other implementations.

Well, it matches the original specs and the published test vectors.  If
you look at the tiger home page, you will find the test vectors we use.
Back in 1998, when I wrote the code, there was no note on how the hashes
are to be printed (i.e. how to convert the 64 bit words into a bit
string).  Thus I came up with the way it is now.  Tiger has been used by
gpg versions up to 1.3.2 and I heard that some people are still patching
gpg to use it.  Obviously the version in Libgcrypt is the one used by
gpg.  We can't change it without risking breaking existing code.

What we can do is to implement the now correct version of tiger192 as a
different algorithm.  I think it might also be okay to drop the OID from
the current implementation because that one is definitely false.  Moritz
obviously didn't compare the test vectors with those on the tiger home
page after we assigned an OID for Tiger from the GNU pool to Ross.

There is still the question, who wants to use Tiger192, given that there
are proven algos out and that SHA-3 is not that far away.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
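The interoperability problem the message describes is purely one of serialization: the Tiger reference code returns its result as three 64-bit words, and an implementation still has to decide in which byte order each word is written out. The following is an added worked example (not code from the original message or from libgcrypt) that takes the three words of the published empty-string test vector, 24F0130C63AC9332 16166E76B1BB925F F373DE2D49584E7A, and produces both serializations, so that a digest printed by one implementation can be checked against the other convention. It assumes that byte order within each word is the only difference between the two printings; the function and constant names are this example's own.

```python
import struct

# Constructed sample input: the three 64-bit result words for Tiger("") as
# listed on the Tiger home page.  The word values are the same whichever
# way they are later serialized.
TIGER_EMPTY_WORDS = (0x24F0130C63AC9332, 0x16166E76B1BB925F, 0xF373DE2D49584E7A)

# Digest bytes as the little-endian serialization of the three words.
# This is the 192-bit string other implementations and later test vectors use.
LITTLE_ENDIAN_HEX = "3293ac630c13f0245f92bbb1766e16167a4e58492dde73f3"

# Digest bytes as the big-endian serialization, i.e. the words written out
# exactly as they are printed in the reference vector listing.
BIG_ENDIAN_HEX = "24f0130c63ac933216166e76b1bb925ff373de2d49584e7a"


def words_to_digest(words, byteorder="little"):
    """Serialize three 64-bit words into a 24-byte Tiger digest.

    byteorder selects how each word is written: "little" gives the
    convention used by the published byte-string test vectors, "big"
    writes each word most-significant byte first.
    """
    fmt = "<Q" if byteorder == "little" else ">Q"
    return b"".join(struct.pack(fmt, w) for w in words)


def digest_to_words(digest, byteorder="little"):
    """Inverse of words_to_digest: recover the three 64-bit words."""
    if len(digest) != 24:
        raise ValueError("Tiger192 digest must be exactly 24 bytes")
    fmt = "<3Q" if byteorder == "little" else ">3Q"
    return struct.unpack(fmt, digest)


def convert_digest(digest, from_order, to_order):
    """Re-serialize a digest from one word byte order to the other."""
    return words_to_digest(digest_to_words(digest, from_order), to_order)


def classify_digest(digest_hex, words):
    """Tell which serialization convention a printed digest follows.

    Returns "little", "big", or None if it matches neither serialization
    of the given words (e.g. the digest was computed over different data).
    """
    digest = bytes.fromhex(digest_hex)
    for order in ("little", "big"):
        if words_to_digest(words, order) == digest:
            return order
    return None


if __name__ == "__main__":
    for order in ("little", "big"):
        print(order, words_to_digest(TIGER_EMPTY_WORDS, order).hex())
    # Show that an output in one convention can be mapped onto the other
    # without recomputing the hash.
    fixed = convert_digest(bytes.fromhex(BIG_ENDIAN_HEX), "big", "little")
    print("converted", fixed.hex(), fixed.hex() == LITTLE_ENDIAN_HEX)
```

When comparing a Tiger implementation against vectors found elsewhere, classify_digest is the check to run first: a digest that matches under the other byte order is a serialization mismatch, not a wrong compression function, and convert_digest maps it without rehashing. A digest that matches neither order is a genuine implementation or input difference.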