[Standards] SHA-1

Dave Cridland dave at cridland.net
Thu Feb 23 14:44:21 UTC 2017


On 23 February 2017 at 14:19, Peter Waher <peterwaher at hotmail.com> wrote:

> SHA-1 is used in many places throughout XMPP. Examples include
> authentication mechanisms (SCRAM-SHA-1) and entity capabilities (XEP-0115),
> for instance. Concerning the recent report about vulnerabilities found in
> SHA-1, should there be an effort to upgrade all these to SHA-256 or later?
>
The sky hasn't fallen quite yet. A lot of effort is needed to generate a
collision, and collisions are especially hard to do if you're after a
second preimage attack on a short input.

As far as I'm aware, this is merely a single first preimage attack -
finding two inputs which produce the same output. A second preimage attack
starts with a known, fixed, output (or an input) and attempts to find
another input that will produce it.

An attack on SCRAM, etc., would rely on a second preimage attack, as would
XEP-0115, etc. Quite honestly, SCRAM is far easier to brute-force than
generate a collision, due to the small search space used by passwords,
anyway.

So summary: Yes, we do need to upgrade from SHA-1, but there's no panic,
and we can take the time to do things properly.

Dave.
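
Added example, not part of the message above and not code from any XMPP implementation: a hash-agile sketch of the RFC 5802 server-side SCRAM check, showing that the digest is a parameter of the computation and that credentials stored for SCRAM-SHA-1 do not verify a SCRAM-SHA-256 proof, so an upgrade means re-deriving them. The password, salt and AuthMessage are constructed, the function names are hypothetical, and SASLprep normalization is omitted.

```python
import hashlib
import hmac

# Digest behind each mechanism name (SCRAM-SHA-1: RFC 5802, SCRAM-SHA-256: RFC 7677).
MECHANISMS = {"SCRAM-SHA-1": "sha1", "SCRAM-SHA-256": "sha256"}

# Constructed sample values, not taken from the thread or from any RFC.
PASSWORD = "correct horse battery staple"
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ITERATIONS = 4096
AUTH_MESSAGE = (b"n=juliet,r=cnonce,r=cnoncesnonce,"
                b"s=ABEiM0RVZneImaq7zN3u/w==,i=4096,c=biws,r=cnoncesnonce")


def _keys(mechanism, password, salt, iterations):
    """SaltedPassword and ClientKey; Hi() in RFC 5802 is PBKDF2 over HMAC."""
    digest = MECHANISMS[mechanism]
    salted = hashlib.pbkdf2_hmac(digest, password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", digest).digest()
    return digest, salted, client_key


def derive_credentials(mechanism, password, salt, iterations):
    """What the server stores: (StoredKey, ServerKey), never the password."""
    digest, salted, client_key = _keys(mechanism, password, salt, iterations)
    stored_key = hashlib.new(digest, client_key).digest()
    server_key = hmac.new(salted, b"Server Key", digest).digest()
    return stored_key, server_key


def client_proof(mechanism, password, salt, iterations, auth_message):
    """What the client sends: ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    digest, _, client_key = _keys(mechanism, password, salt, iterations)
    stored_key = hashlib.new(digest, client_key).digest()
    signature = hmac.new(stored_key, auth_message, digest).digest()
    return bytes(a ^ b for a, b in zip(client_key, signature))


def verify_proof(mechanism, stored_key, proof, auth_message):
    """Server check: recover ClientKey from the proof, compare H(ClientKey)."""
    digest = MECHANISMS[mechanism]
    if len(proof) != len(stored_key):  # e.g. a SHA-256 proof against SHA-1 data
        return False
    signature = hmac.new(stored_key, auth_message, digest).digest()
    recovered = bytes(a ^ b for a, b in zip(proof, signature))
    candidate = hashlib.new(digest, recovered).digest()
    return hmac.compare_digest(candidate, stored_key)
```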