[ppsp] proposal to remove SHA1 from PPSPP spec

Dave Cottlehuber <dch@skunkwerks.at> Mon, 27 October 2014 08:46 UTC

Date: Mon, 27 Oct 2014 09:46:31 +0100
From: Dave Cottlehuber <dch@skunkwerks.at>
To: "ppsp@ietf.org" <ppsp@ietf.org>
Message-ID: <etPan.544e0667.4f97e3e4.22e@continuity.skunkwerks.at>
Archived-At: http://mailarchive.ietf.org/arch/msg/ppsp/ZmoQb0JTgZdKXk5s3Y06vwHMI7c
Subject: [ppsp] proposal to remove SHA1 from PPSPP spec

I presume when PPSPP was still called Swift, SHA1 was not yet considered weak. Times have changed, see [1], [2], and the speed of e.g. SHA256 is comparable for our requirements [3], [4]. BTW, this has already been raised briefly in area review.

The significance of hash weaknesses for a transport protocol is severe: the ability for a malicious (*cough* NSA, RIAA *cough*) entity to inject data that ultimately prevents the end user from unzipping or decrypting the transferred content or archive, due to corruption by re-using a hash, is a serious weakness.

Given that SHA1 has been considered weak since 2005 (yes, 2005, that’s almost a DECADE ago), are there any reasons for not removing SHA1 entirely from the PPSPP Spec while we still have the chance?

OSX, 2012 iMac:

Doing md5 for 3s on 1024 size blocks: 1249743 md5's in 3.00s
Doing sha1 for 3s on 1024 size blocks: 1258965 sha1's in 3.00s
Doing sha256 for 3s on 1024 size blocks: 527305 sha256's in 2.99s

FreeBSD, CPU: Intel(R) 8 Core i7-4770 CPU @ 3.40GHz (3400.07-MHz K8-class CPU)

openssl speed md5 sha1 sha256 2>&1 |grep 1024
Doing md5 for 3s on 1024 size blocks: 1683908 md5's in 3.00s
Doing sha1 for 3s on 1024 size blocks: 1797420 sha1's in 3.00s
Doing sha256 for 3s on 1024 size blocks: 749811 sha256's in 3.00s

I tried to find some direct data for mobile devices but failed; [3] has relevant processors, though just not specifically produced by a mobile device. Assuming even 2 orders of magnitude worse performance from my aging computers, which can do more than 250k hashes in a second, we can still handle hashing far faster than most systems can receive data over the network, and the power usage of hashing is insignificant compared to the most common mobile case of actually displaying the content (video, audio, etc.).

NB you can compare OpenSSL’s implementation speed on your platform using `openssl speed md5 sha1 sha256 2>&1 | grep 1024`.

—
Dave Cottlehuber
dch@skunkwerks.at
+43 688 60 56 21 44
Sent from the Cloud

[1]: https://www.schneier.com/cgi-bin/mt/mt-search.cgi?search=sha1&__mode=tag
[2]: https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1
[3]: http://bench.cr.yp.to/results-sha3.html
[4]: http://jsperf.com/sha1-performance/9
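The two points the message argues, that the digest algorithm should be swappable without touching the rest of the integrity scheme and that hashing 1024-byte blocks is cheap relative to network receive rates, can be checked with the following added example. It is not part of the original message or of the PPSPP specification: PPSPP verifies received chunks against a Merkle hash tree, but the tree layout, the zero-hash padding of odd levels and the uncle-hash encoding below are simplified assumptions for illustration, not the spec's wire format. The sample content is constructed inline, and the throughput function mirrors the shape of the `openssl speed` lines quoted above (digests of 1024-byte blocks per second) using Python's `hashlib`.

```python
"""Added example (not from the PPSPP spec or the original message): a Merkle hash
tree over fixed-size chunks with the digest algorithm as a parameter, so the only
thing that changes when SHA1 is replaced by SHA256 is the hash length, plus an
`openssl speed`-style throughput measurement on 1024-byte blocks."""
from __future__ import annotations

import hashlib
import time

CHUNK_SIZE = 1024  # matches the block size in the `openssl speed` output above


def chunk_hashes(data: bytes, algo: str, chunk_size: int = CHUNK_SIZE) -> list[bytes]:
    """Leaf hashes: one digest per fixed-size chunk of the content."""
    return [hashlib.new(algo, data[i:i + chunk_size]).digest()
            for i in range(0, len(data), chunk_size)]


def build_tree(leaves: list[bytes], algo: str) -> list[list[bytes]]:
    """Binary Merkle tree, bottom-up (levels[0] = leaves, levels[-1] = [root]).
    Odd-sized levels are padded with an all-zero hash; that padding rule is an
    assumption for this example, not the spec's."""
    size = hashlib.new(algo).digest_size
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        level = levels[-1]
        if len(level) % 2:
            level = level + [b"\x00" * size]
            levels[-1] = level
        levels.append([hashlib.new(algo, level[i] + level[i + 1]).digest()
                       for i in range(0, len(level), 2)])
    return levels


def root_hash(data: bytes, algo: str, chunk_size: int = CHUNK_SIZE) -> bytes:
    """Root hash of the whole content; the value a receiver obtains out of band."""
    return build_tree(chunk_hashes(data, algo, chunk_size), algo)[-1][0]


def uncle_path(levels: list[list[bytes]], index: int) -> list[tuple[bool, bytes]]:
    """Sibling hashes from leaf `index` up to the root. The bool says whether the
    sibling sits on the right. This is what a sender ships alongside a chunk."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        path.append((sibling > index, level[sibling]))
        index //= 2
    return path


def verify_chunk(chunk: bytes, path: list[tuple[bool, bytes]], root: bytes, algo: str) -> bool:
    """Recompute the root from one received chunk plus its uncle hashes.
    An injected chunk only passes if the attacker can match the leaf digest."""
    h = hashlib.new(algo, chunk).digest()
    for sibling_is_right, sibling in path:
        pair = h + sibling if sibling_is_right else sibling + h
        h = hashlib.new(algo, pair).digest()
    return h == root


def hashes_per_second(algo: str, seconds: float = 0.5, block_size: int = CHUNK_SIZE) -> float:
    """Same measurement shape as `openssl speed`: digests of block_size-byte blocks per second."""
    block = bytes(block_size)
    count = 0
    start = time.perf_counter()
    deadline = start + seconds
    while time.perf_counter() < deadline:
        hashlib.new(algo, block).digest()
        count += 1
    return count / (time.perf_counter() - start)


def megabit_per_second(algo: str, seconds: float = 0.5, block_size: int = CHUNK_SIZE) -> float:
    """Sustained hashing rate expressed as a line rate, for comparison with a network link."""
    return hashes_per_second(algo, seconds, block_size) * block_size * 8 / 1e6


if __name__ == "__main__":
    content = bytes(range(256)) * 20  # constructed 5120-byte sample: five chunks
    for algo in ("sha1", "sha256"):
        levels = build_tree(chunk_hashes(content, algo), algo)
        root = levels[-1][0]
        genuine = verify_chunk(content[2048:3072], uncle_path(levels, 2), root, algo)
        injected = verify_chunk(b"\xff" * CHUNK_SIZE, uncle_path(levels, 2), root, algo)
        print(f"{algo}: {len(root)}-byte root, genuine chunk ok={genuine}, "
              f"injected chunk ok={injected}, ~{megabit_per_second(algo, 0.2):.0f} Mbit/s hashed")
```

Running it prints one line per algorithm; the only visible difference between sha1 and sha256 is the 20-byte versus 32-byte root, which is the message's point that the swap is cheap for the protocol. Compare the Mbit/s figure against the link speed of the device you care about rather than against the raw hashes/s count.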