[Standards] LAST CALL: XEP-0322 (Efficient XML Interchange (EXI) Format)

Peter Saint-Andre - &yet peter at andyet.net
Wed Oct 22 15:48:56 UTC 2014


On 10/22/14, 9:32 AM, Daurnimator wrote:
> On 22 October 2014 09:57, Tobias Markmann <tmarkmann at googlemail.com
> <mailto:tmarkmann at googlemail.com>> wrote:
>
>     I think using a more secure hash function would be beneficial for
>     reducing code. Secure wireless constrained applications are likely
>     to already include a high security cryptographic hash function.
>     Using this hash function would avoid the need of implementing MD5 at
>     all. Maybe, hash agility could also be useful in this case. So
>     clients, I think this is the main deployment target for as
>     constrained device, can pick the one already available. Servers
>     which are likely to have more power can then simply use the same
>     hash as the client.
>
>
> I would think SHA-1 a better choice than MD5 at least.
> And clients will already need it for capabilities:
> http://xmpp.org/extensions/xep-0115.html#security-mti

See also RFC 6151, which states that MD5 "is no longer acceptable where 
collision resistance is required" (such as in digital signatures).

We can do better than MD5 these days.

Peter

-- 
Peter Saint-Andre
https://andyet.com/



More information about the Standards mailing list