[Standards] SHA-1 use in XMPP

Dave Cridland dave at cridland.net
Fri Jun 16 11:25:59 UTC 2017


Since SHA-1 is considered on the way out, now, it'd be useful to
catalogue where it is currently in use, what danger it poses, and what
options we have for replacing it - both in terms of protocol
considerations and practical concerns of deployments.

The current status of SHA-1 is essentially that it is likely to be
crackable soon, but only in terms of a long-term effort. So a use of
SHA-1 where the attacker would have to preimage/collide it rapidly is
less of an issue than cases where an attacker could spend a couple of
months over it.

As an example:

SCRAM-SHA-1 is our current MTI SASL mechanism. It is used to hash
long-term credentials. Replacing it would rely on SASL mechanism
agility; existing client implementations likely rely on it as the MTI

What else do we have?


