Re: [TLS] FNV versus SHA-1 in cached info
"Blumenthal, Uri - 0668 - MITLL" <uri@ll.mit.edu> Fri, 07 May 2010 17:10 UTC
Return-Path: <prvs=27436d9d74=uri@ll.mit.edu>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 72DC53A67C2 for <tls@core3.amsl.com>; Fri, 7 May 2010 10:10:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.623
X-Spam-Level:
X-Spam-Status: No, score=-3.623 tagged_above=-999 required=5 tests=[AWL=-0.376, BAYES_50=0.001, RCVD_IN_DNSWL_MED=-4, SARE_OBFU_ALL=0.751, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P86isxL0H52R for <tls@core3.amsl.com>; Fri, 7 May 2010 10:10:56 -0700 (PDT)
Received: from mx1.ll.mit.edu (MX1.LL.MIT.EDU [129.55.12.45]) by core3.amsl.com (Postfix) with ESMTP id 3757E3A672E for <tls@ietf.org>; Fri, 7 May 2010 10:10:56 -0700 (PDT)
Received: from LLE2K7-HUB02.mitll.ad.local (LLE2K7-HUB02.mitll.ad.local) by mx1.ll.mit.edu (unknown) with ESMTP id o47HAdmf006182; Fri, 7 May 2010 13:10:43 -0400
From: "Blumenthal, Uri - 0668 - MITLL" <uri@ll.mit.edu>
To: Nicolas Williams <Nicolas.Williams@oracle.com>, Simon Josefsson <simon@josefsson.org>
Date: Fri, 07 May 2010 13:10:40 -0400
Thread-Topic: [TLS] FNV versus SHA-1 in cached info
Thread-Index: AcruAiSWfrTQ/3ZLTQqUr3gZstkRnAABhNnB
Message-ID: <C809C1D0.A4B5%uri@ll.mit.edu>
In-Reply-To: <20100507162620.GD9429@oracle.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-Entourage/13.4.0.100208
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=1.12.8161:2.4.5, 1.2.40, 4.0.166 definitions=2010-05-07_02:2010-02-06, 2010-05-07, 2010-05-07 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ipscore=0 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx engine=5.0.0-0908210000 definitions=main-1005070103
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] FNV versus SHA-1 in cached info
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 May 2010 17:10:59 -0000
For cryptographic purposes agility is critical, and it's obvious. For non-cryptographic purposes - who cares. Let the implementers figure what works best and "codify" it. If it's SHA - fine. If it's FNV - fine. If it's MD4 - fine. No sense avoiding cryptographically broken algorithms for non-cryptographic use. On 5/7/10 12:26 , "Nicolas Williams" <Nicolas.Williams@oracle.com> wrote: > On Fri, May 07, 2010 at 01:24:18PM +0200, Simon Josefsson wrote: >> Stefan Santesson <stefan@aaa-sec.com> writes: >>> I would not have any problem with using SHA-1 if it could be used with no >>> agility what so ever. But I seriously doubt that this will be accepted and >>> for that reason I would like to keep FNV. > > It's been accepted elsewhere. If cryptographic properties are not > required then algorithm agility is also not required. > >> I also prefer to use FNV here. > > I am of two minds about this issue. > >> Organizations are performing review of how MD5 and eventually SHA-1 are >> used in their code bases, and this is costly. > > This is true, however, you'd think that we should all also audit our > code bases and protocols (proprietary and otherwise) to ensure that we > do use strong cryptographic algorithms where we _need_ them, that we > have migration plans, and that we execute them. Just removing uses of > MD5 and SHA-1 will not do. > > I'm concerned that a blanket "must not use MD5 nor SHA-1" rule will be > counter-productive for _proprietary_ protocols: developers might resort > to home-grown non-cryptographic hashes where they need cryptographic > ones, just to avoid unwelcome auditor attention. Clearly that won't > happen for Internet protocols -not much- but there's a bigger world out > there, and training management to just ban weak algorithms might well > have unintended and very negative consequences. > > Thus I'm not too sympathetic to arguments that we should refrain from > using MD5/SHA-1 where cryptographic properties are not needed. I'd > rather train auditors to analyze protocols correctly than to apply > reflexive dicta. > > But I've also seen the pressure to avoid using MD5/SHA-1 altogether, and > understand that often it's just easier to give. > >> If we know when designing >> a protocol that the normal cryptographic properties are not essential, >> and that an algorithm like FNV will suffice, it saves everyone the costs >> associated with that review. [...] > > Does it? We still have to review whether cryptographic properties were > or were not necessary. > >> I wish we used something like FNV instead of SHA-1 in SASL GS2, the use >> there also do not require cryptographic properties. > > Quick, we're still in AUTH48! (Just kidding.) > > Nico -- Regards, Uri uri@ll.mit.edu <Disclaimer>
- Re: [TLS] FNV versus SHA-1 in cached info Kemp, David P.
- Re: [TLS] FNV versus SHA-1 in cached info Stefan Santesson
- [TLS] FNV versus SHA-1 in cached info Stefan Santesson
- Re: [TLS] FNV versus SHA-1 in cached info Stefan Santesson
- Re: [TLS] FNV versus SHA-1 in cached info Simon Josefsson
- Re: [TLS] FNV versus SHA-1 in cached info Kemp, David P.
- Re: [TLS] FNV versus SHA-1 in cached info Adam Langley
- Re: [TLS] FNV versus SHA-1 in cached info Nicolas Williams
- Re: [TLS] FNV versus SHA-1 in cached info Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] FNV versus SHA-1 in cached info Nicolas Williams
- Re: [TLS] FNV versus SHA-1 in cached info Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] FNV versus SHA-1 in cached info Stefan Santesson
- Re: [TLS] FNV versus SHA-1 in cached info Nicolas Williams
- Re: [TLS] FNV versus SHA-1 in cached info Michael D'Errico
- Re: [TLS] FNV versus SHA-1 in cached info Kemp, David P.
- Re: [TLS] FNV versus SHA-1 in cached info Nicolas Williams
- Re: [TLS] FNV versus SHA-1 in cached info Stefan Santesson
- Re: [TLS] FNV versus SHA-1 in cached info Nicolas Williams
- Re: [TLS] FNV versus SHA-1 in cached info Paul Hoffman