[Standards] SHA-1

Peter Waher peterwaher at hotmail.com
Thu Feb 23 14:19:36 UTC 2017

Hello all.

SHA-1 is used in many places throughout XMPP. Examples include authentication mechanisms (SCRAM-SHA-1) and entity capabilities (XEP-0115), for instance. Concerning the recent report about vulnerabilities found in SHA-1, should there be an effort to upgrade all these to SHA-256 or later?

Best regards,

Peter Waher



A Super-Common Crypto Tool Turns Out to Be Super-Insecure<https://www.wired.com/2017/02/common-cryptographic-tool-turns-majorly-insecure/>
NIST has been warning about vulnerabilities in its SHA-1 cryptographic hash function for years, but some services still use it and the threats are growing.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20170223/b4866d91/attachment-0001.html>

More information about the Standards mailing list