Re: [TLS] SHA-1 vs. FNV-1
Marsh Ray <marsh@extendedsubset.com> Mon, 10 May 2010 16:35 UTC
Return-Path: <marsh@extendedsubset.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6E0753A691E for <tls@core3.amsl.com>; Mon, 10 May 2010 09:35:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.143
X-Spam-Level:
X-Spam-Status: No, score=-0.143 tagged_above=-999 required=5 tests=[AWL=-0.144, BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jkr5U7R+XfyP for <tls@core3.amsl.com>; Mon, 10 May 2010 09:35:32 -0700 (PDT)
Received: from mho-02-ewr.mailhop.org (mho-02-ewr.mailhop.org [204.13.248.72]) by core3.amsl.com (Postfix) with ESMTP id 47D4E3A68F5 for <tls@ietf.org>; Mon, 10 May 2010 09:35:30 -0700 (PDT)
Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-02-ewr.mailhop.org with esmtpa (Exim 4.68) (envelope-from <marsh@extendedsubset.com>) id 1OBVws-000JAN-PZ; Mon, 10 May 2010 16:35:18 +0000
Received: from [127.0.0.1] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id 2EE4560B6; Mon, 10 May 2010 16:35:15 +0000 (UTC)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Originating-IP: 69.164.193.58
X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information)
X-MHO-User: U2FsdGVkX1/RfmpI4E9cOn9FzKvpS3vUtELIh43bwVU=
Message-ID: <4BE835C3.9050105@extendedsubset.com>
Date: Mon, 10 May 2010 11:35:15 -0500
From: Marsh Ray <marsh@extendedsubset.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.8) Gecko/20100216 Thunderbird/3.0.2
MIME-Version: 1.0
To: "Blumenthal, Uri - 0668 - MITLL" <uri@ll.mit.edu>
References: <20100509211958.19EB528C0E8@core3.amsl.com>
In-Reply-To: <20100509211958.19EB528C0E8@core3.amsl.com>
X-Enigmail-Version: 1.0.1
OpenPGP: id=1E36DBF2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "'ekr@rtfm.com'" <ekr@rtfm.com>, "'tls@ietf.org'" <tls@ietf.org>
Subject: Re: [TLS] SHA-1 vs. FNV-1
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 May 2010 16:35:33 -0000
On 5/9/2010 4:19 PM, Blumenthal, Uri - 0668 - MITLL wrote: > our current > practice of using SHA-1 is dying just like the previous practice of > using MD5 (and MD4 before it) is dead. So justifying continuous use > of SHA-1 is improper: for security purposes it is broken, and for > non-security purposes it's rather slow. Well said. That is my opinion, too. To put it another way: Any argument that could be made in favor of using SHA-1 could be made in favor of MD5 (or even MD4). In fact, MD5 would be superior. It's also "in everybody's stack already" right? (Ignoring those for the moment those who will implement only TLS 1.2 and forward.) Plus, MD5 is more efficient. So anybody insisting on SHA-1 should justify the extra CPU usage over MD5, no? Let's not forget where this started: Additional protocol elements for dynamically negotiating among a extensible set of cryptographic hash functions for use where a cryptographic hash function was not needed anyway. Vendors would be expected to support some perpetual subset of them or risk interoperability problems (probably everyone would just end up using that one everywhere anyway). Servers might have to track multiple hash values for the same resource. Another set of parameters for attackers to manipulate imperfect implementations with. Additional explanation when a security review legitimately questions the use of deprecated crypto algorithms. After: "Use this 5 line multiply-add loop: [sample code]" - Marsh
- [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Stefan Santesson
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] SHA-1 vs. FNV-1 Stefan Santesson
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Michael D'Errico
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] SHA-1 vs. FNV-1 Marsh Ray
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] SHA-1 vs. FNV-1 Simon Josefsson
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Stefan Santesson
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Stefan Santesson
- Re: [TLS] SHA-1 vs. FNV-1 Marsh Ray
- Re: [TLS] SHA-1 vs. FNV-1 Kemp, David P.
- Re: [TLS] SHA-1 vs. FNV-1 Simon Josefsson
- Re: [TLS] SHA-1 vs. FNV-1 Eric Rescorla
- Re: [TLS] SHA-1 vs. FNV-1 Blumenthal, Uri - 0668 - MITLL