[Standards] Hash algorithms (Bits of Binary / Jingle FT)

Dave Cridland dave at cridland.net
Tue Jun 29 20:27:17 UTC 2010


On Tue Jun 29 21:12:46 2010, Paul Aurich wrote:
> A few comments about hash algorithms (basing off my reading the  
> Jingle
> FT spec [0] just now and a discussion the Pidgin devs had a few  
> months
> ago, which I don't think was brought up in the XMPP community,  
> though I
> might have missed it).
> 
> 1) Are there canonical text representations of hash algorithm names  
> some
> place?  i.e. other than it being the one described in the Bits of  
> Binary
> [1] spec, how do I know that I should use 'sha1' instead of 'sha-1'?
> 
> Even worse, I just checked Entity Capabilities [2] and it uses  
> "sha-1"
> as the name of the algorithm!!! :(
> 
> 
There's an IANA registry, which we've generally used in recent  
protocols:

http://www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xhtml

Slightly awkwardly, this relates to X.509 defined hashes, so would be  
tricky to update, but an IETF standards action could probably change  
that if needs be. (And would have support, I think).

> 5) Should the XSF adopt hash-function recommendations and standards  
> for
> all future specs?  I'm thinking standardized names (*cough* #1  
> *cough*)
> as well as MTI recommendations (perhaps choosing SHA-256, as NIST
> recommends [3]).

There's several uses for hash algorithms - some use-cases demand that  
a preimage attack be impossible, some don't, for example. The safest  
option for us is to pick a single algorithm - this also has the  
advantage of simplifying implementation requirements.

I've said before in IETF-land that a single spec of "this is the sane  
MTI security algorithm" would be useful. Perhaps the XSF could show  
them how it's done.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade



More information about the Standards mailing list