[Standards] SHA-1

Peter Waher peterwaher at hotmail.com
Thu Feb 23 14:19:36 UTC 2017


Hello all.


SHA-1 is used in many places throughout XMPP. Examples include authentication mechanisms (SCRAM-SHA-1) and entity capabilities (XEP-0115), for instance. Concerning the recent report about vulnerabilities found in SHA-1, should there be an effort to upgrade all these to SHA-256 or later?

Best regards,

Peter Waher

Ref:
https://www.wired.com/2017/02/common-cryptographic-tool-turns-majorly-insecure/

[https://www.wired.com/wp-content/uploads/2017/02/Cryptography-2x1-1200x630-e1487801673377.jpg]<https://www.wired.com/2017/02/common-cryptographic-tool-turns-majorly-insecure/>

A Super-Common Crypto Tool Turns Out to Be Super-Insecure<https://www.wired.com/2017/02/common-cryptographic-tool-turns-majorly-insecure/>
www.wired.com
NIST has been warning about vulnerabilities in its SHA-1 cryptographic hash function for years, but some services still use it and the threats are growing.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20170223/b4866d91/attachment-0001.html>


More information about the Standards mailing list