[Ach] General agreement on cipher and hash strength and choice
ianG
iang at iang.org
Mon Nov 25 17:37:04 CET 2013
On 25/11/13 18:27 PM, Daniel.Kovacic at a-trust.at wrote:
> Moreover: think about ephemeral key exchanges
>
> SHA:
> What does it mean to be more secure (under which conditions) or acceptable?
> In the paper, most of the time we are discussing SHA in an HMAC
> construction. There SHA or MD5 works as a reduction algorithm and the whole
> construction is not flawed by possible collisions like the pure hash itself.
> In fact: Even HMAC-MD5 might be sufficient while MD5 is clearly outdated.
Right, exactly.
But. Problem is that the "experts" have gone on a jihad against MD5 and
SHA1, without understanding what they are talking about. This is based
on herd behaviour, following NIST and its recommendations (which are
specifically mandated for USG and no-one else, go figure...).
Consequence of this is that developers everywhere are trying to get rid
of MD5 and SHA1 from code, protocols, etc. MD5 is evil! You are bad to
even mention the word!
There's a bandwagon. Not a lot of point in trying to push it backwards,
spend your energy on better things. I'm planning on Poly1305 for future
HMAC needs.
> Long term keys like root certificates:
> I think this is a bit enthusiastic, regarding the actual Mozilla and
> Microsoft root stores (last time I browsed through we were one of very few
> CAs providing that)
> Little note for Austria: In Austria it isn't even allowed to provide a CA
> certificate which is valid more than 5 years.
Yup. Which is why I say, use 2048. And leave it at that.
> Remarks on ECC:
Yeah. Don't change for the moment, let's get some safe.cr.yp.to curves
in place. Then change.
iang
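The HMAC point made in the quoted text above, as an added example that is not part of the original thread or the paper it discusses: the construction from RFC 2104 written out directly on top of a plain hash (MD5 or SHA-1 via hashlib), checked against Python's stdlib `hmac`, and a constant-time verifier. The function names, the sample key and message, and the use of a 100-byte key to exercise the key-reduction step are this example's own choices; the "Jefe" vector is the published RFC 2202 test case.

```python
"""HMAC from the RFC 2104 definition, built on an ordinary hash function.

Added example (not from the mailing-list thread). The point it illustrates:
the tag is H((K ^ opad) || H((K ^ ipad) || m)). The underlying hash only ever
sees inputs prefixed with secret, key-derived blocks, so a collision pair
precomputed against the bare hash (fixed IV, attacker-chosen prefix) does not
carry over to the keyed construction. That is why HMAC-MD5 and HMAC-SHA1 are
judged separately from MD5 and SHA-1 as plain hashes.
"""
import hashlib
import hmac


def hmac_rfc2104(key: bytes, msg: bytes, hash_name: str = "sha1") -> bytes:
    """Compute HMAC-<hash> exactly as RFC 2104 section 2 defines it."""
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for MD5/SHA-1
    # Keys longer than one block are first reduced by hashing them ...
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    # ... then every key is zero-padded to exactly one block.
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def verify_tag(key: bytes, msg: bytes, tag: bytes, hash_name: str = "sha1") -> bool:
    """Constant-time comparison of a received tag against a fresh one."""
    return hmac.compare_digest(hmac_rfc2104(key, msg, hash_name), tag)


def matches_stdlib(key: bytes, msg: bytes, hash_name: str) -> bool:
    """Cross-check the hand-written construction against hmac.new()."""
    return hmac_rfc2104(key, msg, hash_name) == hmac.new(key, msg, hash_name).digest()


def rfc2202_jefe_ok() -> bool:
    """RFC 2202 test case 2: HMAC-MD5(key='Jefe', 'what do ya want for nothing?')."""
    tag = hmac_rfc2104(b"Jefe", b"what do ya want for nothing?", "md5")
    return tag.hex() == "750c783e6ab0b503eaa86e310a5db738"


if __name__ == "__main__":
    # Constructed sample values (not from the thread). A 100-byte key is
    # longer than the 64-byte block, so it takes the key-reduction path.
    long_key = bytes(range(100))
    msg = b"ephemeral key exchange transcript"
    for name in ("md5", "sha1"):
        tag = hmac_rfc2104(long_key, msg, name)
        print(f"HMAC-{name.upper()}: {tag.hex()} stdlib-match={matches_stdlib(long_key, msg, name)}")
    print("verify with right key:", verify_tag(long_key, msg, hmac_rfc2104(long_key, msg)))
    print("verify with wrong key:", verify_tag(b"other", msg, hmac_rfc2104(long_key, msg)))
    print("RFC 2202 'Jefe' vector:", rfc2202_jefe_ok())
```

Both `hmac_rfc2104` and `hmac.new` agree byte for byte for short and over-block-size keys, which is the whole definition of the construction; the only piece a caller should add on top is `hmac.compare_digest` for verification, since a plain `==` on tags leaks timing.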