On Fri, Oct 02, 2009 at 01:17:26PM -0500, Nicolas Williams wrote:
On Fri, Oct 02, 2009 at 06:14:47PM +0100, Alexey Melnikov wrote:
On Thu, Sep 24, 2009 at 2:22 AM, Ben Campbell <ben(_at_)estacado(_dot_)net>
wrote:
I'm no crypto expert, so please forgive me if this is silly--but isn't
there
a movement to phase out sha-1? If so, should that be the default "must
implement" hash for a new mechanism?
My understanding is that use of SHA-1 under HMAC is still considered
reasonable.
The WG debated at length use of SHA-1 versa use of SHA-256, etc. and decided
to proceed with SHA-1, because it is more frequently implemented in
libraries
and hardware.
This matter has come up elsewhere, such as in the KRB-WG. NIST has not
obsoleted the use of HMAC-SHA-1, though I don't have a reference handy
at the moment (but a quick search of the KRB-WG mailing list and, maybe,
the krbdev(_at_)mit(_dot_)edu list should yield one).
http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html
"After 2010, Federal agencies may use SHA-1 only for the following
applications: hash-based message authentication codes (HMACs); key
derivation functions (KDFs); and random number generators (RNGs).
Regardless of use, NIST encourages application and protocol designers to
use the SHA-2 family of hash functions for all new applications and
protocols."
Nico
--
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf