Re: [ftpext] draft-ietf-ftpext2-hash command name and default algorithm
Richard Koenning <Richard.Koenning@ts.fujitsu.com> Tue, 18 January 2011 19:12 UTC
Return-Path: <Richard.Koenning@ts.fujitsu.com>
X-Original-To: ftpext@core3.amsl.com
Delivered-To: ftpext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7B0AD3A7030 for <ftpext@core3.amsl.com>; Tue, 18 Jan 2011 11:12:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UWhfonw2xDOz for <ftpext@core3.amsl.com>; Tue, 18 Jan 2011 11:12:19 -0800 (PST)
Received: from dgate10.ts.fujitsu.com (dgate10.ts.fujitsu.com [80.70.172.49]) by core3.amsl.com (Postfix) with ESMTP id 07E5C3A7023 for <ftpext@ietf.org>; Tue, 18 Jan 2011 11:12:18 -0800 (PST)
DomainKey-Signature: s=s1536a; d=ts.fujitsu.com; c=nofws; q=dns; h=X-SBRSScore:X-IronPort-AV:Received:X-IronPort-AV: Received:Message-ID:Date:From:Reply-To:Organization: User-Agent:X-Accept-Language:MIME-Version:To:Subject: References:In-Reply-To:Content-Type: Content-Transfer-Encoding; b=bGHfJSCm8yQvMrHZTrXH7Ooml5bDw7IMsjY7l8d2vKLpPp/3Eme54usp tHJc6a3DdmDQ5Byh5wZZyQjpkhJK32DBZ9gemz6lPeEg7ANifTBB9EulO uqCFmTMAydAL+6WnxN9WGn3qebELCO1yN/rGo0MUkrDZekl/KTz+St4ZO eBWM3z0By/fH0Ztky5j/eRE4MtGIXdM9b/OAwakGpTckrhP8v0QOHhXo+ T+zhd52VVWo4w76TdqZ3sxXtchJcG;
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ts.fujitsu.com; i=Richard.Koenning@ts.fujitsu.com; q=dns/txt; s=s1536b; t=1295378097; x=1326914097; h=message-id:date:from:reply-to:mime-version:to:subject: references:in-reply-to:content-transfer-encoding; z=Message-ID:=20<4D35E6AE.7040108@ts.fujitsu.com>|Date:=20 Tue,=2018=20Jan=202011=2020:14:54=20+0100|From:=20Richard =20Koenning=20<Richard.Koenning@ts.fujitsu.com>|Reply-To: =20=20Richard.Koenning@ts.fujitsu.com|MIME-Version:=201.0 |To:=20"ftpext@ietf.org"=20<ftpext@ietf.org>|Subject:=20R e:=20[ftpext]=20draft-ietf-ftpext2-hash=20command=20name =20and=20default=20algorithm|References:=20<F15941D3C8A2D 54D92B341C20CACDF2311976FECC9@exchange>=09<20110117175600 .2F89028C1A2@core3.amsl.com>=09<F15941D3C8A2D54D92B341C20 CACDF2311976FF0A8@exchange>=09<alpine.DEB.2.00.1101181545 230.988@tvnag.unkk.fr>=09<F15941D3C8A2D54D92B341C20CACDF2 311979DC5FE@exchange>=20<alpine.DEB.2.00.1101181656420.98 8@tvnag.unkk.fr>|In-Reply-To:=20<alpine.DEB.2.00.11011816 56420.988@tvnag.unkk.fr>|Content-Transfer-Encoding:=20quo ted-printable; bh=gdb/1BspEe63/S4OM6tLzCQBvbx8+uTuCPIdlm0985E=; b=GMCbSOL9eRcz4oBjrHr0ZqST0NCN7pIhVRqYEaPMRMpFoyqb1VIlbRzP m/PYKMdXX/gP5IgKvVaG8Eddj7MKai5NZQK5y7eVasmx2pGpj9kOUG+8P fv9p+oFLNMemygePjy3yQCB4dqQeO26JE20q/Bk/Hr6e1RZVVvV3eMbgQ WWLwDsRVnFv9QA8ZBxrmqvUPJrwRzXAfSWjq3/qJ9SyuRN4ElGDKXjkme B7CfS2NnkAoMA4YV2ErckOqZTMcmp;
X-SBRSScore: None
X-IronPort-AV: E=Sophos;i="4.60,339,1291590000"; d="scan'208";a="66360206"
Received: from abgdgate30u.abg.fsc.net ([172.25.138.66]) by dgate10u.abg.fsc.net with ESMTP; 18 Jan 2011 20:14:55 +0100
X-IronPort-AV: E=Sophos;i="4.60,339,1291590000"; d="scan'208";a="107123086"
Received: from mch8469d.mch.fsc.net (HELO [172.25.52.240]) ([172.25.52.240]) by abgdgate30u.abg.fsc.net with ESMTP; 18 Jan 2011 20:14:55 +0100
Message-ID: <4D35E6AE.7040108@ts.fujitsu.com>
Date: Tue, 18 Jan 2011 20:14:54 +0100
From: Richard Koenning <Richard.Koenning@ts.fujitsu.com>
Organization: Fujitsu Technology Solutions GmbH
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
X-Accept-Language: de, de-nds, en, en-US, it
MIME-Version: 1.0
To: "ftpext@ietf.org" <ftpext@ietf.org>
References: <F15941D3C8A2D54D92B341C20CACDF2311976FECC9@exchange> <20110117175600.2F89028C1A2@core3.amsl.com> <F15941D3C8A2D54D92B341C20CACDF2311976FF0A8@exchange> <alpine.DEB.2.00.1101181545230.988@tvnag.unkk.fr> <F15941D3C8A2D54D92B341C20CACDF2311979DC5FE@exchange> <alpine.DEB.2.00.1101181656420.988@tvnag.unkk.fr>
In-Reply-To: <alpine.DEB.2.00.1101181656420.988@tvnag.unkk.fr>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [ftpext] draft-ietf-ftpext2-hash command name and default algorithm
X-BeenThere: ftpext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Richard.Koenning@ts.fujitsu.com
List-Id: <ftpext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ftpext>, <mailto:ftpext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ftpext>
List-Post: <mailto:ftpext@ietf.org>
List-Help: <mailto:ftpext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ftpext>, <mailto:ftpext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jan 2011 19:12:20 -0000
Daniel Stenberg wrote: > On Tue, 18 Jan 2011, Robert Oslin wrote: > >>>>I personally think CRC32 is too weak for multi-gigabyte files. >> >>Do you mean that CRC32 is weak period? > > CRC32 uses 32 bits to indicate a checksum for the data. I claim it gets weaker > the more data to try to check with it. Having a CRC32 field for a sufficiently > small amount of data will be fine IMO - but that's not what we design for > here. From the draft it is still unclear to me whether the hash shall be used only for detecting "normal" transmission problems or also for detecting active attacks on the data channel. For the latter CRC32 is out of discussion not only for the size of the hash value but for its linear properties: it is even easy to change the data while keeping the CRC unchanged. Regarding MD5: Since long time cryptologists warn against using MD5 for new protocols/applications. As an application of this policy there are no newer TLS cipher suites using MD5. Regarding SHA1: Despite showing some weakness too it is imho still in wide usage e.g. in the TLS area. On the other hand the search for new long-term hash functions is still ongoing (http://csrc.nist.gov/groups/ST/hash/timeline.html). Therefore it seems to me still acceptable to use SHA1 as default hash function. When the hash function is only used for detecting transmission errors than the collision probability is one of the main points, this probability is approximately the inverse of the square root of the hash value space. So with CRC32 one has to expect collisions already with a set of some ten thousand files. With MD5 the corresponding number has 19 figures, which probably suffices already for most applications. -- Dr. Richard W. Könning Fujitsu Technology Solutions GmbH
- Re: [ftpext] draft-ietf-ftpext2-hash command name… Robert Oslin
- Re: [ftpext] draft-ietf-ftpext2-hash command name… Daniel Stenberg
- [ftpext] draft-ietf-ftpext2-hash command name and… Robert Oslin
- Re: [ftpext] draft-ietf-ftpext2-hash command name… Sob
- Re: [ftpext] draft-ietf-ftpext2-hash command name… Robert Oslin
- Re: [ftpext] draft-ietf-ftpext2-hash command name… Daniel Stenberg
- Re: [ftpext] draft-ietf-ftpext2-hash command name… Robert Oslin
- Re: [ftpext] draft-ietf-ftpext2-hash command name… Sob
- Re: [ftpext] draft-ietf-ftpext2-hash command name… Richard Koenning
- Re: [ftpext] draft-ietf-ftpext2-hash command name… Anthony Bryan
- Re: [ftpext] draft-ietf-ftpext2-hash command name… Daniel Stenberg
- Re: [ftpext] draft-ietf-ftpext2-hash command name… Robert Oslin