Re: [TLS] SHA-1 vs. FNV-1
Marsh Ray <marsh@extendedsubset.com> Mon, 10 May 2010 17:34 UTC
Return-Path: <marsh@extendedsubset.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A72BF28C20F for <tls@core3.amsl.com>; Mon, 10 May 2010 10:34:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.129
X-Spam-Level:
X-Spam-Status: No, score=-0.129 tagged_above=-999 required=5 tests=[AWL=-0.130, BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 54egShpfrWSm for <tls@core3.amsl.com>; Mon, 10 May 2010 10:34:40 -0700 (PDT)
Received: from mho-01-ewr.mailhop.org (mho-01-ewr.mailhop.org [204.13.248.71]) by core3.amsl.com (Postfix) with ESMTP id 19FFE28C213 for <tls@ietf.org>; Mon, 10 May 2010 10:30:03 -0700 (PDT)
Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-01-ewr.mailhop.org with esmtpa (Exim 4.68) (envelope-from <marsh@extendedsubset.com>) id 1OBWnf-000COL-J5; Mon, 10 May 2010 17:29:51 +0000
Received: from [127.0.0.1] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id AC76E60B6; Mon, 10 May 2010 17:29:49 +0000 (UTC)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Originating-IP: 69.164.193.58
X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information)
X-MHO-User: U2FsdGVkX18JX8ifR1cbbiB+datzHxPmL7a1LG4Brds=
Message-ID: <4BE8428E.9060509@extendedsubset.com>
Date: Mon, 10 May 2010 12:29:50 -0500
From: Marsh Ray <marsh@extendedsubset.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.8) Gecko/20100216 Thunderbird/3.0.2
MIME-Version: 1.0
To: Eric Rescorla <ekr@rtfm.com>
References: <20100509211958.19EB528C0E8@core3.amsl.com> <4BE835C3.9050105@extendedsubset.com> <AANLkTiltmKBHmmRUVdWrghD9DlSk4htVW6QX7P_cDo9C@mail.gmail.com>
In-Reply-To: <AANLkTiltmKBHmmRUVdWrghD9DlSk4htVW6QX7P_cDo9C@mail.gmail.com>
X-Enigmail-Version: 1.0.1
OpenPGP: id=1E36DBF2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] SHA-1 vs. FNV-1
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 May 2010 17:34:41 -0000
On 5/10/2010 11:41 AM, Eric Rescorla wrote: > On Mon, May 10, 2010 at 9:35 AM, Marsh Ray <marsh@extendedsubset.com> wrote: >> >> So anybody insisting on SHA-1 should >> justify the extra CPU usage over MD5, no? > > No, that's not true. Again, SHA-1 is simply the default hash algorithm people > use at this point. Other than that, MD5 would be fine, yes. I don't agree that there is an obvious choice of hash algorithm right now: http://csrc.nist.gov/groups/ST/hash/policy.html "After 2010, Federal agencies may use SHA-1 only for the following applications: hash-based message authentication codes (HMACs); key derivation functions (KDFs); and random number generators (RNGs)." > As for "insisting", I really don't know what you mean. I'm not "insisting" > on SHA-1 any more than Stefan is "insisting" on FNV-1. This is an undecided > question in the WG and I'm stating my opinion. I didn't mean to imply anyone was insisting, just a rhetorical point. > As I noted previously, that exact explanation will need to be present > to justify the use of a non-cryptographic hash. Perhaps, but neither does that support SHA-1. More NIST policy says: "Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010." I'm just imagining a situation where a seasoned software developer/manager is having to explain to to some external auditor lacking a CS degree that "the hash table bucket collisions which could occur in this part of the code are not the same kind of thing as the collisions being talked about in this protocol, really". - Marsh
- [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Stefan Santesson
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] SHA-1 vs. FNV-1 Stefan Santesson
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Michael D'Errico
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] SHA-1 vs. FNV-1 Marsh Ray
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] SHA-1 vs. FNV-1 Simon Josefsson
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Stefan Santesson
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Stefan Santesson
- Re: [TLS] SHA-1 vs. FNV-1 Marsh Ray
- Re: [TLS] SHA-1 vs. FNV-1 Kemp, David P.
- Re: [TLS] SHA-1 vs. FNV-1 Simon Josefsson
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Blumenthal, Uri - 0668 - MITLL