uses of MD5 hashes
-----BEGIN PGP SIGNED MESSAGE-----
The only hash defined in the spec is md5. In general, we are using
this a lot to identify principals. We always do this with (hash md5 #deadbeef..#)
so it is clear that one could eventually have:
(hash sha1 #deadbeef..#)
Now, my reading of the IPsec lists wrt keyed MD5, keyed SHA1, and
the HMAC variants says the following to me:
1. *keyed* MD5 may be weak.
2. *keyed* SHA1 is probably better, but slower.
3. *keyed* HMAC-MD5 may be both fast and stronger than plain MD5.
4. NONE of this applies to non-keyed MD5.
I would prefer to have a single object hash rather than have to
decide at run-time "oops. I didn't hash those objects with SHA1. Just
If I have to potentially hash all things that I read with MD5 and
SHA1, then let's just use SHA1. It is slower than MD5, but it is
faster to do one (or the other) and be done with than to have to do
So, if anyone thinks we may want SHA1 for object *identification*
(NOT authentication) then let's switch to it *now*.
REMEMBER THIS IS NOT KEYED HASHING.
:!mcr!: | Network and security consulting/contract programming
Michael Richardson | I do IPsec policy code for SSH <http://www.ssh.fi/>
Personal: <http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html>. PGP key available.
Corporate: <http://www.sandelman.ottawa.on.ca/SSW/>.
-----BEGIN PGP SIGNATURE-----
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
-----END PGP SIGNATURE-----
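As an added example (not code from the post above or from the spec it discusses), the Python below builds and checks `(hash <alg> #hex#)` identifiers of the kind the post describes, carrying the algorithm name inside the expression so that md5 and sha1 identifiers can coexist and a checker dispatches on the name rather than guessing, and sets that unkeyed identifier beside an HMAC over the same bytes to make the keyed/non-keyed distinction concrete. The function names, the regex for the `#...#` hex form, and the sample inputs are assumptions of this example.

```python
import hashlib
import hmac
import re
from typing import Tuple

# Added example; not code from the post or from the spec it discusses.
# Algorithms understood here, keyed by the name written inside the
# S-expression. The spec under discussion defines only md5; sha1 is the
# candidate the post proposes. Adding a row here is the whole "switch".
HASH_ALGS = {
    "md5": hashlib.md5,
    "sha1": hashlib.sha1,
}

# (hash <alg> #<hex>#): the #...# form is the hex byte-string notation the
# post uses; this regex is an assumption about that syntax, not a full parser.
_HASH_RE = re.compile(r"^\(hash\s+([a-z0-9-]+)\s+#([0-9a-fA-F]+)#\)$")


def object_hash(data: bytes, alg: str = "md5") -> str:
    """Return the unkeyed identifier (hash <alg> #hex#) for an object."""
    if alg not in HASH_ALGS:
        raise ValueError(f"unsupported hash algorithm: {alg}")
    digest = HASH_ALGS[alg](data).hexdigest()
    return f"(hash {alg} #{digest}#)"


def parse_hash(sexp: str) -> Tuple[str, bytes]:
    """Split an identifier into (algorithm name, raw digest bytes)."""
    m = _HASH_RE.match(sexp.strip())
    if m is None:
        raise ValueError(f"not a (hash ...) expression: {sexp!r}")
    alg, hexdigest = m.group(1), m.group(2)
    if len(hexdigest) % 2:
        raise ValueError("hex digest has an odd number of digits")
    return alg, bytes.fromhex(hexdigest)


def matches(sexp: str, data: bytes) -> bool:
    """Does `data` have the identifier `sexp`?

    The algorithm is read from the identifier itself, so the checker never
    has to guess which hash the issuer used: a sha1 identifier is checked
    with sha1, an md5 one with md5, and an unknown name is rejected rather
    than silently reported as a mismatch.
    """
    alg, digest = parse_hash(sexp)
    if alg not in HASH_ALGS:
        raise ValueError(f"unsupported hash algorithm: {alg}")
    actual = HASH_ALGS[alg](data).digest()
    return hmac.compare_digest(actual, digest)


def keyed_hash(key: bytes, data: bytes, alg: str = "md5") -> str:
    """For contrast: HMAC over the same bytes under a secret key.

    This is a MAC, used for authentication. Its value depends on the key,
    so it cannot serve as an object identifier that every party computes
    alike; that is the "NOT keyed hashing" distinction the post draws.
    """
    if alg not in HASH_ALGS:
        raise ValueError(f"unsupported hash algorithm: {alg}")
    return hmac.new(key, data, HASH_ALGS[alg]).hexdigest()


if __name__ == "__main__":
    obj = b"abc"  # constructed sample object
    ident_md5 = object_hash(obj)
    ident_sha1 = object_hash(obj, "sha1")
    print(ident_md5)
    print(ident_sha1)
    # Same object, same identifier, whoever computes it:
    assert matches(ident_md5, obj) and matches(ident_sha1, obj)
    assert not matches(ident_sha1, b"abd")
    # Keyed hashing gives a different answer for every key:
    print(keyed_hash(b"k1", obj), keyed_hash(b"k2", obj))
```

Because the algorithm name travels with the digest, an identifier made with one hash can be checked years later without the "oops, I didn't hash those objects with SHA1" guessing the post worries about; the cost of supporting both is one table entry, not a second pass over every object. Today md5 would not be the choice for naming objects, since colliding inputs can be constructed for it, and the same dispatch-on-name design is what lets an implementation retire it.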