Re: [TLS] SHA-1 vs. FNV-1

"Blumenthal, Uri - 0668 - MITLL" <uri@ll.mit.edu> Sun, 09 May 2010 04:12 UTC

From: "Blumenthal, Uri - 0668 - MITLL" <uri@ll.mit.edu>
To: "'ekr@rtfm.com'" <ekr@rtfm.com>, "'stefan@aaa-sec.com'" <stefan@aaa-sec.com>
Date: Sun, 09 May 2010 00:11:45 -0400
Message-Id: <20100509041202.914D83A67CC@core3.amsl.com>
Cc: "'tls@ietf.org'" <tls@ietf.org>
Subject: Re: [TLS] SHA-1 vs. FNV-1

I don't buy the "everybody already got SHA-1" argument. For cryptographic purposes SHA-1 isn't good enough (any more), and for non-crypto it may well be considered an overkill and performance hog (compared to faster, cryptographically even weaker algorithms). Performance is a good reason for choosing an algorithm.

SHA-1 probably would leave "everyone's stack", and in any case other hash functions would enter: slower & stronger for Crypto - for sure (start with SHA256, and set sights on SHA-3), faster and weaker for non-crypto - maybe. My $0.02.


Regards,
Uri

----- Original Message -----
From: tls-bounces@ietf.org <tls-bounces@ietf.org>
To: Stefan Santesson <stefan@aaa-sec.com>
Cc: tls@ietf.org <tls@ietf.org>
Sent: Sat May 08 11:04:55 2010
Subject: Re: [TLS] SHA-1 vs. FNV-1

On Sat, May 8, 2010 at 12:36 AM, Stefan Santesson <stefan@aaa-sec.com> wrote:
> Eric,
>
> Thanks for your input, but it would be great if you let us in on your long
> version instead of just stating your opinion.

I thought that was the long version: everyone already has SHA-1 in their
stacks. This is just added cruft. What more is there?


> You say:
>> In short, I prefer SHA-1 to FNV-1. FNV-1 introduces a new algorithm for no
>> reason other than people might be confused about what SHA-1 is doing
>> in this case. I realize it's simple but calling SHA-1 is even simpler.
>> We should just call SHA-1 with no agility.
>
> It was you who proposed the syntax that introduced agility for the hash
> algorithm (expanding my initial syntax with no agility):
>
> http://www.ietf.org/mail-archive/web/tls/current/msg03331.html

I'm sorry, I don't see the relevance here. I don't recall saying that we needed
agility in that meeting. However, people felt we did and I proposed syntax
that recognized that. The point of that
message was to support multiple types of cached info, not to support
multiple types of hashes. That's why it just supports the "minimal" level
of hash agility, i.e., letting the client tell the server what hash he used.

> At November IETF 2008 you made a presentation at Saag, recognizing "The Need
> for Cryptographically Insecure Hash Functions" for just the reasons that we
> see here.
>
> http://www.ietf.org/proceedings/73/slides/saag-0.pdf
>
> I thought that was a great presentation. What has changed your opinion since
> then?

I'm not sure my opinion has changed. But here we have a system chock
full of hash functions. One of those is entirely suitable. I don't see the
point in abandoning it for yet another function.

>
> Finally, taking your chair hat on, could you advise on how to proceed with
> this draft if the majority still prefers FNV?

I'll let Joe take that. That's why we have two chairs.

-Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
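To make the trade-off in this thread concrete, here is an added example (not code from the draft or from anyone in the thread) that implements 32-bit FNV-1 next to SHA-1 and models the "minimal" agility Ekr describes: the client prefixes its digest with an identifier of the hash it used and the server recomputes with that same hash. The one-byte hash identifiers, the wire layout and the sample cached object are assumptions made up for this illustration.

```python
import hashlib
import struct

# Published FNV-1 32-bit parameters: offset basis and prime.
FNV1_32_OFFSET = 0x811C9DC5
FNV1_32_PRIME = 0x01000193

def fnv1_32(data: bytes) -> int:
    """FNV-1 (multiply, then XOR) over a byte string, 32-bit variant.
    Fast and simple, but a 4-byte non-cryptographic output: fine for
    identifying an object the server already holds, useless against
    an adversary who chooses the object."""
    h = FNV1_32_OFFSET
    for b in data:
        h = (h * FNV1_32_PRIME) & 0xFFFFFFFF
        h ^= b
    return h

# Hypothetical identifiers for "client tells the server which hash it used".
# These values are invented for the example, not taken from any draft.
HASH_SHA1 = 1
HASH_FNV1_32 = 2

def fingerprint(obj: bytes, alg: int) -> bytes:
    """Digest a cached object under the hash the client named."""
    if alg == HASH_SHA1:
        return hashlib.sha1(obj).digest()        # 20-byte cryptographic digest
    if alg == HASH_FNV1_32:
        return struct.pack(">I", fnv1_32(obj))   # 4-byte non-crypto digest
    raise ValueError(f"unknown hash id {alg}")

def encode_cached_info(obj: bytes, alg: int) -> bytes:
    """Client side: one assumed hash-id byte followed by the digest."""
    return bytes([alg]) + fingerprint(obj, alg)

def server_matches(cached_info: bytes, known_objects) -> bool:
    """Server side: read the hash id, recompute over each object it could
    have sent, and report whether the client's digest names one of them."""
    alg, digest = cached_info[0], cached_info[1:]
    return any(fingerprint(o, alg) == digest for o in known_objects)

# Constructed stand-in for a certificate chain the server previously sent.
SAMPLE_OBJECT = b"constructed placeholder for a cached certificate chain"
```

Swapping `HASH_FNV1_32` for `HASH_SHA1` changes only the digest length and the cost of `fingerprint`, which is exactly the performance-versus-cruft question the thread argues over.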