[Standards] SHA-1 use in XMPP
dave at cridland.net
Thu Jun 22 19:35:17 UTC 2017
On 22 Jun 2017 19:10, "Evgeny Khramtsov" <xramtsov at gmail.com> wrote:
Thu, 22 Jun 2017 17:13:08 +0100
Dave Cridland <dave at cridland.net> wrote:
> Well, MD5 is brute-forceable now - you can clock up a lot of them per
> second on a stolen AWS account.
> The advice I'm hearing is that SHA-1 will be in range within a couple
> of years at the current rate of weakening.
Well, yes, there also reverse SHA1 tables exist  which make it
trivial to reverse short passwords, but all this has nothing in common
with SHA1 collisions, as far as I know.
I think I (more or less) said at the beginning of this year that the sky
was absolutely not falling. But SHA-1 is showing its first signs of
weakness, so it's prudent to start planning a strategy for moving along to
SHA-256 or something.
I agree with you that we can move at whatever speed feels most comfortable
- there are no dragons breathing down the backs of our necks on this. As I
say, we have, it seems, a couple of years.
Standards mailing list
Unsubscribe: Standards-unsubscribe at xmpp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Standards