I just had a discussion with our crypto group. I will update documentation
and software later tonight to deal with all the caveats and details, but
the upshot (in brief) is as follows:
* The SRS crypto is fine.
* The vulnerability in MD5 is theoretical. However...
* Government departments have been told not to use MD5, therefore we must
not use it if we want acceptance.
* Shortening the hash will weaken the algorithm proportionately.
* Being case insensitive will weaken the algorithm by 40%, as expected.
I will consider case insensitivity to be an option.
The outcomes will be the following:
* Crypto algorithms to become pluggable.
* HMAC/SHA1 to become the configurable default.
* Case sensitive to be the configurable default. (Is this OK?)
* Cutting the hash is possible, but will not be recommended.
We need to do some sort of evaluation on the 64-byte local part thing.
Perhaps we can build a set of standard tests, and maintain a table of
servers and clients which are known NOT to have this limit?
Information about case sensitivity would also be useful, particularly with
respect to the Microsoft ``SMTP'' servers.
Updates should happen around midnight GMT when I hope to release v0.16.
Thanks.
S.
--
Shevek http://www.anarres.org/
I am the Borg. http://www.gothnicity.org/
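The outcome list in the mail above (pluggable digest, HMAC/SHA1 as default, optional truncation, case-sensitive versus case-insensitive comparison) is easy to see in a few lines. The following is an added example written for this page; it is not code from the post or from the SRS software it describes. The secret, the addresses, the concatenation order of the hash input and the lowercasing of the domain are all assumptions made for the example.

```python
import base64
import hmac
import string

# Constructed secret for the example only; not a value from the original post.
EXAMPLE_SECRET = b"example-secret-not-for-production"


def srs_hash(secret, timestamp, domain, local_part, digestmod="sha1", length=4):
    """Return an SRS-style hash: HMAC(secret, timestamp|domain|local part),
    base64 encoded and cut to `length` characters (None keeps the full hash).

    `digestmod` is any hashlib name, which is what makes the digest pluggable.
    The concatenation order and the lowercasing of the domain are assumptions
    of this example, not a description of what the real implementation does.
    """
    msg = (timestamp + domain.lower() + local_part).encode("utf-8")
    mac = hmac.new(secret, msg, digestmod).digest()
    encoded = base64.b64encode(mac).decode("ascii")
    return encoded if length is None else encoded[:length]


def verify_hash(secret, timestamp, domain, local_part, presented,
                digestmod="sha1", length=4, case_insensitive=False):
    """Recompute the hash and compare it in constant time.

    In case-insensitive mode both sides are folded to lowercase first, so a
    hash survives a relay that downcases the local part; the price is that
    upper- and lower-case base64 letters become the same symbol.
    """
    expected = srs_hash(secret, timestamp, domain, local_part, digestmod, length)
    if case_insensitive:
        expected, presented = expected.lower(), presented.lower()
    return hmac.compare_digest(expected.encode("ascii"), presented.encode("ascii"))


def distinct_symbols(case_insensitive=False):
    """Distinguishable base64 symbols per hash character: 64 normally,
    fewer once upper and lower case letters are folded together."""
    alphabet = string.ascii_letters + string.digits + "+/"
    if case_insensitive:
        return len({c.lower() for c in alphabet})
    return len(alphabet)


if __name__ == "__main__":
    h = srs_hash(EXAMPLE_SECRET, "AB", "example.org", "alice")
    print("truncated HMAC-SHA1 hash:", h)
    print("full HMAC-SHA256 hash:",
          srs_hash(EXAMPLE_SECRET, "AB", "example.org", "alice", "sha256", None))
    print("case-sensitive verify:", verify_hash(EXAMPLE_SECRET, "AB", "example.org", "alice", h))
    print("symbols per char, case-sensitive:", distinct_symbols())
    print("symbols per char, case-insensitive:", distinct_symbols(True))
```

Swapping `digestmod` changes only the MAC length before truncation, so a configuration that pins the digest name and the truncation length describes the whole scheme; `distinct_symbols` makes visible why folding case shrinks the space each hash character can occupy.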