Re: [saag] SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1
Viktor Dukhovni <ietf-dane@dukhovni.org> Fri, 10 January 2020 01:44 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/FprSTdTtVYnUBKAxWZqjM2x1U1s>
On Fri, Jan 10, 2020 at 01:28:41AM +0000, Peter Gutmann wrote:

> Again, this is just to understand how to mitigate problems for legacy stuff,
> not to try and prolong SHA-1 use indefinitely, but it would be good to
> understand where the exact risks for SHA-1 use lie.

In the DNSSEC space, it now seems a good time to emphasize the deprecation (RFC8642) of algorithms 5 and 7 which sign with RSA-SHA1.

    https://tools.ietf.org/html/rfc8624#section-3.1

The potential avenues for abuse are explored at:

    https://www.dns.cam.ac.uk/news/2020-01-09-sha-mbles.html

The attack is still comparatively expensive, and the attacks are contingent on some additional operational practices, but it seems there's enough exposure that is likely to only get worse, that it is much easier to tell users to move along to stronger algorithms than try to explain which use-cases remain safe, and which not.

-- 
    Viktor.
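An added example, not part of the original message: one way an operator could check dig-style DNSSEC records for algorithms 5 and 7, the RSA-SHA1 signing algorithms the message refers to. The function name, the sample records and the `.test` names are constructed for illustration, and the parser assumes one record per line with the owner name present.

```python
# DNSSEC algorithm numbers that sign with RSA-SHA1 (5 and 7, as in the message).
SHA1_ALGS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1"}
NAME_TO_NUM = {name: num for num, name in SHA1_ALGS.items()}
# 0-based position of the algorithm field inside each record type's RDATA.
ALG_FIELD = {"DNSKEY": 2, "DS": 1, "RRSIG": 1}

def find_sha1_records(text):
    """Return (owner, rrtype, algorithm) for every record using algorithm 5 or 7."""
    findings = []
    for raw in text.splitlines():
        tokens = raw.split(";", 1)[0].split()   # drop comments, split fields
        if len(tokens) < 2:
            continue
        # The type follows the owner and the optional TTL and class fields.
        pos = next((i for i in range(1, min(4, len(tokens)))
                    if tokens[i].upper() in ALG_FIELD), None)
        if pos is None:
            continue
        rrtype = tokens[pos].upper()
        rdata = tokens[pos + 1:]
        idx = ALG_FIELD[rrtype]
        if len(rdata) <= idx:
            continue                            # truncated record, nothing to check
        field = rdata[idx].upper()
        # Accept the numeric form and the mnemonic form of the algorithm.
        alg = int(field) if field.isdigit() else NAME_TO_NUM.get(field)
        if alg in SHA1_ALGS:
            findings.append((tokens[0], rrtype, alg))
    return findings

# Constructed sample records (keys, digests and signatures are placeholders).
SAMPLE = """\
; constructed sample, dig-style output
example.test. 3600 IN DNSKEY 257 3 7 Y29uc3RydWN0ZWQ=
example.test. 3600 IN DNSKEY 256 3 13 Y29uc3RydWN0ZWQ=
example.test. 3600 IN RRSIG DNSKEY 7 2 3600 20200201000000 20200101000000 12345 example.test. c2ln
legacy.test. 86400 IN DS 4321 5 2 ABCDEF
modern.test. 86400 IN DS 1111 8 2 ABCDEF
"""

if __name__ == "__main__":
    for owner, rrtype, alg in find_sha1_records(SAMPLE):
        print(f"{owner} {rrtype} uses algorithm {alg} ({SHA1_ALGS[alg]})")
```
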