IETF Logo Mail Archive

Re: [TLS] SHA-1 vs. FNV-1

Stefan Santesson <stefan@aaa-sec.com> Sun, 09 May 2010 10:14 UTC

Return-Path: <stefan@aaa-sec.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D32103A67DA for <tls@core3.amsl.com>; Sun, 9 May 2010 03:14:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.21
X-Spam-Level:
X-Spam-Status: No, score=-1.21 tagged_above=-999 required=5 tests=[AWL=-0.375, BAYES_40=-0.185, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QfFY7EhAdEg0 for <tls@core3.amsl.com>; Sun, 9 May 2010 03:14:15 -0700 (PDT)
Received: from s87.loopia.se (s87.loopia.se [194.9.94.112]) by core3.amsl.com (Postfix) with ESMTP id 7F3153A68D3 for <tls@ietf.org>; Sun, 9 May 2010 03:14:08 -0700 (PDT)
Received: from s29.loopia.se (s34.loopia.se [194.9.94.70]) by s87.loopia.se (Postfix) with ESMTP id 5935B33F5D3 for <tls@ietf.org>; Sun, 9 May 2010 12:13:59 +0200 (CEST)
Received: (qmail 66725 invoked from network); 9 May 2010 10:13:55 -0000
Received: from 213-64-142-247-no153.business.telia.com (HELO [192.168.1.16]) (stefan@fiddler.nu@[213.64.142.247]) (envelope-sender <stefan@aaa-sec.com>) by s29.loopia.se (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for <ekr@rtfm.com>; 9 May 2010 10:13:55 -0000
User-Agent: Microsoft-Entourage/12.24.0.100205
Date: Sun, 09 May 2010 12:13:54 +0200
From: Stefan Santesson <stefan@aaa-sec.com>
To: Eric Rescorla <ekr@rtfm.com>
Message-ID: <C80C5782.AA38%stefan@aaa-sec.com>
Thread-Topic: [TLS] SHA-1 vs. FNV-1
Thread-Index: AcrvYFQUY1j/QOKVTkqkHyrqvGBOUA==
In-Reply-To: <w2sd3aa5d01005080804tbe8fdfdey77b5add371adfb8e@mail.gmail.com>
Mime-version: 1.0
Content-type: text/plain; charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable
Cc: tls@ietf.org
Subject: Re: [TLS] SHA-1 vs. FNV-1
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 May 2010 10:14:17 -0000

Eric,


On 10-05-08 5:04 PM, "Eric Rescorla" <ekr@rtfm.com> wrote:

> On Sat, May 8, 2010 at 12:36 AM, Stefan Santesson <stefan@aaa-sec.com> wrote:
>> Eric,
>> 
>> Thanks for your input, but it would be great if you let us in on your long
>> version instead of just stating your opinion.
> 
> I thought that was the long version: everyone already has SHA-1 in their
> stacks. This is just added cruft. What more is there?
> 

For example the arguments from your own presentation at Saag:

"When cryptographic digests are used, people expect them to be security
critical
   ­ Even worse now that MD5 has been weakened
   ­ Reviewers ask ³what about hash agility?² ³Where¹s the
     security analysis?²
   ­ Need to explicitly disclaim security usages"


I didn't mean to say that you advocated for hash agility, just demonstrate
how true your arguments above are, even in this group of experts.

How relevant is it that calling SHA-1 one is easier, when implementing FNV
is about as hard as writing this e-mail?


/Stefan

v2.23.0 | Report a Bug | By Email