Open xtemp09 opened 3 years ago
It's not a security issue per se (we still have MD4 after all), though that was what pushed it over the edge to removal. The general goal is to reduce the number of algorithms to the minimum necessary to implement any widely useful cryptographic protocol. [*] So, e.g., MISTY1 has no major security issues (besides the 64-bit block) but was removed because it is totally obscure and there is no reason anyone would pick MISTY1 over say AES or Serpent or 3DES or Blowfish or ... nor are there any major protocols using it currently (at least that I know of).
So, the real point is: is anyone using Tiger, and if so where?
[*] Two reasons for not just including everything we can think of. First, every algo has overhead. Sometimes changes require touching every bit of code, or touching every T (for T in BlockCipher, StreamCipher, ...). Having more code to touch makes changes harder and less likely to occur. Second is to avoid confusion. Probably most people know by now that MD5 is broken and will avoid it unless they really need it. *I* did not know that Tiger was broken until I happened across a relatively obscure paper.
So, the real point is: is anyone using Tiger, and if so where?
Just wanted to follow up here to say this was not a rhetorical question. If Tiger is being actively used in a real protocol somewhere then that is a very strong argument for keeping it/bringing it back, even in the face of security problems.
Hello, could you keep the Tiger module, marking it insecure?
You keep MD5 and Streebog, while they are not secure. Tiger is the same, but it is removed in version 3. 😥