Re: [saag] sha1 - have we more work to do?
Derek Atkins <derek@ihtfp.com> Mon, 12 October 2015 15:10 UTC
Return-Path: <derek@ihtfp.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D3ED1A6F61 for <saag@ietfa.amsl.com>; Mon, 12 Oct 2015 08:10:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.389
X-Spam-Level:
X-Spam-Status: No, score=-1.389 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_ORG=0.611] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0p0MoTUSlO-o for <saag@ietfa.amsl.com>; Mon, 12 Oct 2015 08:10:36 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E0641A6F60 for <saag@ietf.org>; Mon, 12 Oct 2015 08:10:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 50285E2036; Mon, 12 Oct 2015 11:10:34 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 10485-08; Mon, 12 Oct 2015 11:10:31 -0400 (EDT)
Received: from securerf.ihtfp.org (unknown [IPv6:fe80::ea2a:eaff:fe7d:235]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mocana.ihtfp.org", Issuer "IHTFP Consulting Certification Authority" (verified OK)) by mail2.ihtfp.org (Postfix) with ESMTPS id C2F7DE2034; Mon, 12 Oct 2015 11:10:30 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1444662630; bh=cCokin8Lx4NgehhE95q38fgTBwDp1vmsPVAy0rlkxf0=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=do71v70tf5MxnwYnAvUokV8T8mIDCpuEAVQOQ0JqVHB7urVO3AFbsodGJ9T6YQgLN UXDrynFHmiLrmUadFekScMPT3eiDysxgE36QwQftUofLkkOhT9fmoA14AUeQOZlSwe RrPnQjg/J+giLS8IDcbz3jquX7GltyqXi2TLmcrI=
Received: (from warlord@localhost) by securerf.ihtfp.org (8.14.8/8.14.8/Submit) id t9CFAUxc011787; Mon, 12 Oct 2015 11:10:30 -0400
From: Derek Atkins <derek@ihtfp.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <5617C054.1070207@cs.tcd.ie>
Date: Mon, 12 Oct 2015 11:10:29 -0400
In-Reply-To: <5617C054.1070207@cs.tcd.ie> (Stephen Farrell's message of "Fri, 9 Oct 2015 14:25:40 +0100")
Message-ID: <sjm612cqg0q.fsf@securerf.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/_SF6LamcJZQ2dkA1DnthalsIwkE>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] sha1 - have we more work to do?
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Oct 2015 15:10:37 -0000
Hi, Stephen Farrell <stephen.farrell@cs.tcd.ie> writes: > Hiya, > > While it may be still under submission, and not yet peer reviewed, > I was just looking at [1,2] and wondered if we've still work to do > to deprecate sha1 anywhere that we've not yet done. I know a lot > of this was done already but just wanted to check that we're good. > > Anyone know places where sha1 is still a should or must or where it's > still in widespread use despite no longer being a should or must? > (No need to mention root stores in browser for that last though, as > that's a known issue and is I think already being tackled by browser > makers.) > > I guess we can make a list and then figure out what to do if the > list is non-empty. > > Cheers, > S. > > [1] https://sites.google.com/site/itstheshappening/ > [2] https://sites.google.com/site/itstheshappening/shappening_article.pdf OpenPGP (RFC4880) still uses SHA-1 for its key fingerprints. However, it's using the SHA1 preimage resistance and not the SHA1 collision resistance. So even though finding collisions in SHA1 appears to be getting easier, preimage attacks seem still out of reach. But it'll probably be easier to change to a new hash algorithm in a V5 key than it would be to educate everyone on why the way 4880 uses SHA1 isn't vulnerable to these "new" SHA1 attacks. -derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant
- [saag] sha1 - have we more work to do? Stephen Farrell
- Re: [saag] sha1 - have we more work to do? Yoav Nir
- Re: [saag] sha1 - have we more work to do? Benjamin Kaduk
- Re: [saag] sha1 - have we more work to do? Derek Atkins
- Re: [saag] sha1 - have we more work to do? Rick Andrews
- Re: [saag] sha1 - have we more work to do? Sarat G
- Re: [saag] sha1 - have we more work to do? Sandra Murphy
- Re: [saag] sha1 - have we more work to do? Sean Turner
- Re: [saag] sha1 - have we more work to do? Sarat G