IETF Logo Mail Archive

Re: [TLS] SHA-1 vs. FNV-1

Eric Rescorla <ekr@rtfm.com> Sun, 09 May 2010 21:12 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 49E043A69C1 for <tls@core3.amsl.com>; Sun, 9 May 2010 14:12:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.159
X-Spam-Level:
X-Spam-Status: No, score=0.159 tagged_above=-999 required=5 tests=[AWL=-0.464, BAYES_50=0.001, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WC6PAHBBCr10 for <tls@core3.amsl.com>; Sun, 9 May 2010 14:12:44 -0700 (PDT)
Received: from mail-yw0-f173.google.com (mail-yw0-f173.google.com [209.85.211.173]) by core3.amsl.com (Postfix) with ESMTP id 45C403A68E9 for <tls@ietf.org>; Sun, 9 May 2010 14:12:44 -0700 (PDT)
Received: by ywh3 with SMTP id 3so599137ywh.31 for <tls@ietf.org>; Sun, 09 May 2010 14:12:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.91.109.2 with SMTP id l2mr1331171agm.53.1273439550220; Sun, 09 May 2010 14:12:30 -0700 (PDT)
Received: by 10.90.25.1 with HTTP; Sun, 9 May 2010 14:12:30 -0700 (PDT)
In-Reply-To: <4BE72406.9050605@pobox.com>
References: <w2sd3aa5d01005080804tbe8fdfdey77b5add371adfb8e@mail.gmail.com> <C80C5782.AA38%stefan@aaa-sec.com> <t2yd3aa5d01005091353iff713e4awf0b06b0b1570648@mail.gmail.com> <4BE72406.9050605@pobox.com>
Date: Sun, 09 May 2010 14:12:30 -0700
Message-ID: <v2jd3aa5d01005091412r3d343712i58fc21f8fb6f0fd4@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
To: Michael D'Errico <mike-list@pobox.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: tls@ietf.org
Subject: Re: [TLS] SHA-1 vs. FNV-1
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 May 2010 21:12:45 -0000

On Sun, May 9, 2010 at 2:07 PM, Michael D'Errico <mike-list@pobox.com> wrote:
> Eric Rescorla wrote:
>>
>> Really, given that the security analysis for why you don't need a secure
>> hash needs to be written in any case, and that we're NOT using MD5
>> but rather SHA-1, I don't see that the argument you're presenting
>> for deviating from our standard SHA-1 using practice is compelling at
>> all.
>
> Won't there be a push to get rid of SHA-1 from protocols just as there
> is for MD5 today?

Yes, there will, and we'll send those who suggest we remove it from this
location the relevant security analysis and that will be that.


> It seems prudent NOT to use SHA-1 precisely for the
> same reason we are not using MD5.

Not really. We are (well, were before Stefan changed it) using SHA-1
because it's what everyone uses. Which, incidentally, is precisely the
argument for using it instead of FNV-1, which, by comparison, practically
nobody uses.

-Ekr

v2.23.0 | Report a Bug | By Email