
uses of MD5 hashes





  The only hash defined in the spec is md5. In general, we are using
this a lot to identify principals. We always do this with (hash md5 #deadbeef..#)
so it is clear that one could eventually have:
	(hash sha1 #deadbeef..#)  

  Now, my reading of the IPsec lists wrt keyed MD5, keyed SHA1, and
the HMAC variants says the following to me:
	1. *keyed* MD5 may be weak.
	2. *keyed* SHA1 is probably better, but slower.
	3. *keyed* HMAC-MD5 may be both fast and stronger than plain MD5.
	4. NONE of this applies to non-keyed MD5.

  I would prefer to have a single object hash rather than have to
decide at run-time "oops. I didn't hash those objects with SHA1. Just
a minute..." 
  If I have to potentially hash all things that I read with MD5 and
SHA1, then let's just use SHA1. It is slower than MD5, but it is
faster to do one (or the other) and be done with than to have to do
both.

  So, if anyone thinks we may want SHA1 for object *identification*
(NOT authentication) then let's switch to it *now*. 

  REMEMBER THIS IS NOT KEYED HASHING.

   :!mcr!:            |  Network and security consulting/contract programming
   Michael Richardson |   I do IPsec policy code for SSH <http://www.ssh.fi/>
 Personal: mcr@sandelman.ottawa.on.ca <http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html>. PGP key available.
 Corporate: sales@sandelman.ottawa.on.ca <http://www.sandelman.ottawa.on.ca/SSW/>.
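
The trade-off argued in the message above, as an added example that is not part of the original post: a store that identifies objects by unkeyed hash must digest every object once per algorithm it accepts in `(hash <alg> #hex#)` references. `ObjectIndex`, `make_ref`, `build` and the sample objects are hypothetical names and constructed data.

```python
import hashlib
import re

# Reference form used in the message: (hash <alg> #<hex>#)
HASH_REF = re.compile(r"\(\s*hash\s+([a-z0-9]+)\s+#([0-9a-fA-F]+)#\s*\)")

def parse_hash_ref(text):
    """Return (algorithm, digest bytes) for a '(hash alg #hex#)' reference."""
    m = HASH_REF.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"not a hash reference: {text!r}")
    return m.group(1), bytes.fromhex(m.group(2))

class ObjectIndex:
    """Hypothetical store that identifies objects by unkeyed hash."""

    def __init__(self, algorithms):
        self.algorithms = tuple(algorithms)
        self.by_digest = {}   # (alg, digest) -> object bytes
        self.hash_calls = 0   # number of digests computed so far

    def add(self, obj):
        # Every accepted algorithm is computed at insert time; otherwise a
        # later reference in the "other" algorithm could not be resolved.
        for alg in self.algorithms:
            self.by_digest[(alg, hashlib.new(alg, obj).digest())] = obj
            self.hash_calls += 1

    def resolve(self, ref):
        alg, digest = parse_hash_ref(ref)
        if alg not in self.algorithms:
            raise LookupError(f"objects were never hashed with {alg}")
        return self.by_digest.get((alg, digest))

def make_ref(alg, obj):
    """Build a reference to obj in the message's notation."""
    return f"(hash {alg} #{hashlib.new(alg, obj).hexdigest()}#)"

# Constructed sample objects standing in for keys or certificates.
OBJECTS = [b"(public-key alice)", b"(public-key bob)", b"(public-key carol)"]

def build(algorithms):
    """Index the sample objects under the given hash algorithms."""
    index = ObjectIndex(algorithms)
    for obj in OBJECTS:
        index.add(obj)
    return index
```
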




