Daniel Kahn Gillmor dkg@fifthhorseman.net writes:
OpenPGP defines sha-224 as part of its suite of message digests, so i think supporting it would be good. If you're concerned about size of the compiled library,
I don't think the impact on the object size is that big; without measuring, I think the compression function (which is partially unrolled) is by far the largest piece of sha256 and sha512, and that function is reused for sha224 and sha384, respectively.
I think the bloat is more of a concern in the source code and the documentation, with a large number small and almost identical functions. I'll think about ways to reduce code duplication, in partcular for the rsa signing functions, now when we have a such a large number of hash functions to support.
(Using sha224 and sha384 for RSA signatures seems quite point-less to me; one saves 32 resp 128 bits in the hash digest, which is then padded to the RSA size, which should be at least 1024 bits anyway. So one truncates the hash without gaining anything in either computation time or signature size. Is there anybody who recommends those combinations, and if so, why?).
Regards, /Niels