Re: MD5 vs. SHA-1, Selection Criteria
Craig Metz wrote:
> ----------
> In message <31A4E010.3BA9@cylink.com>, you write:
> >My position is that MD5 should be immediately abandoned for use in ANY mode.
> >MD5 is a cryptographic algorithm the strength
> >of which is in serious dispute. It should be removed from consideration by IETF
> >and other standards committees for use in any
> >form.
>
> Then I trust you'd be happy to do a quick demonstration and hijack
> an AH HMAC-MD5 protected TCP connection?
>
>
> Until you can show me that, I believe that MD5 has value. The value is
> that random people cannot defeat it. Maybe major governments can. When it comes
> to MY traffic, *I* want to be able to make the trade-off between security and
> performance.
> ----------
I agree that MD5 still has some value, but not as much long-term value as SHA-1. DES still has
plenty of value, too, but new standards are moving away from DES to Triple-DES and other
stronger algorithms. Not because DES is broken now, but because the safety margin seems to
be shrinking.
> ----------
> >I also think that implementors should re-examine the cost to move to SHA-1
> >versus the cost of retaining a hash
> >function that probably has a limited lifetime.
>
> The flaw in this line of thinking should be obvious.
>
> -Craig
>-----------
I guess it wasn't obvious to me. :) If I gave you a free implementation of SHA-1 that ran as fast or faster than MD5,
would that change your mind?
My goal was to solicit debate on Performance vs. Perceived Strength vs. Utility. We all place different weight
on these criteria depending on the task at hand. Finding a compromise is one of our unenviable tasks as a working
group.
Perhaps Steve Bellovin's suggestion of making both HMAC-MD5 and HMAC-SHA1 mandatory to implement is a suitable
compromise. However, I think that by keeping HMAC-MD5 as an *optional* transform we encourage the use of stronger
cryptography over higher performance where it can be accommodated.
-John Kennedy
jkennedy@cylink.com
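The thread above argues about HMAC-MD5 versus HMAC-SHA1 as AH transforms on the basis of performance and perceived strength. The following is an added example, not code from the original message or from any IPsec implementation: it builds the RFC 2104 HMAC construction generically over MD5 and SHA-1, applies the 96-bit truncation that the later HMAC-MD5-96 and HMAC-SHA-1-96 AH transforms (RFC 2403, RFC 2404) use for the ICV, verifies an ICV in constant time, and measures the throughput of each so the trade-off being debated can be checked on one's own hardware. The 16-byte key and 1400-byte pseudo-packet are constructed sample inputs, and `ah_icv`, `verify_icv` and `throughput` are names chosen here for illustration.

```python
import hashlib
import hmac
import time

BLOCK_SIZE = 64  # byte block length of both MD5 and SHA-1 (RFC 2104 "B")


def hmac_rfc2104(hash_ctor, key: bytes, msg: bytes) -> bytes:
    """HMAC as specified in RFC 2104, generic over the underlying hash."""
    # Keys longer than one hash block are first reduced by hashing them.
    if len(key) > BLOCK_SIZE:
        key = hash_ctor(key).digest()
    # Shorter keys are zero-padded to the block length.
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hash_ctor(ipad + msg).digest()
    return hash_ctor(opad + inner).digest()


def hmac_md5(key: bytes, msg: bytes) -> bytes:
    return hmac_rfc2104(hashlib.md5, key, msg)


def hmac_sha1(key: bytes, msg: bytes) -> bytes:
    return hmac_rfc2104(hashlib.sha1, key, msg)


def matches_stdlib(key: bytes, msg: bytes) -> bool:
    """Cross-check the hand-written construction against Python's hmac module."""
    return (hmac_md5(key, msg) == hmac.new(key, msg, hashlib.md5).digest()
            and hmac_sha1(key, msg) == hmac.new(key, msg, hashlib.sha1).digest())


def ah_icv(mac_fn, key: bytes, msg: bytes) -> bytes:
    """AH with HMAC-MD5-96 / HMAC-SHA-1-96 carries only the leading 96 bits (12 bytes)."""
    return mac_fn(key, msg)[:12]


def verify_icv(mac_fn, key: bytes, msg: bytes, received_icv: bytes) -> bool:
    """Constant-time comparison so that a forger learns nothing from verification timing."""
    return hmac.compare_digest(ah_icv(mac_fn, key, msg), received_icv)


def throughput(mac_fn, key: bytes, payload: bytes, iterations: int = 200) -> float:
    """Rough MAC throughput in MiB/s over a fixed payload (illustrative name)."""
    start = time.perf_counter()
    for _ in range(iterations):
        mac_fn(key, payload)
    elapsed = time.perf_counter() - start
    return len(payload) * iterations / elapsed / (1024 * 1024)


if __name__ == "__main__":
    # Constructed sample traffic: a 16-byte key and a 1400-byte pseudo-packet.
    key = bytes(range(16))
    packet = bytes(i & 0xFF for i in range(1400))
    for name, fn in (("HMAC-MD5-96", hmac_md5), ("HMAC-SHA1-96", hmac_sha1)):
        icv = ah_icv(fn, key, packet)
        print(f"{name}: icv={icv.hex()} verified={verify_icv(fn, key, packet, icv)} "
              f"{throughput(fn, key, packet):.1f} MiB/s")
```

The keyed construction is the same for both hashes; only the compression function and its speed differ, which is exactly the variable the working group is weighing. Running the script prints the two truncated ICVs for the sample packet and a throughput figure for each, and a modified packet or a flipped ICV byte makes `verify_icv` return False.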