[Standards] SHA-1 use in XMPP
jonas at wielicki.name
Fri Jun 23 08:24:22 UTC 2017
On Donnerstag, 22. Juni 2017 20:35:17 CEST Dave Cridland wrote:
> On 22 Jun 2017 19:10, "Evgeny Khramtsov" <xramtsov at gmail.com> wrote:
> Thu, 22 Jun 2017 17:13:08 +0100
> Dave Cridland <dave at cridland.net> wrote:
> > Well, MD5 is brute-forceable now - you can clock up a lot of them per
> > second on a stolen AWS account.
> > The advice I'm hearing is that SHA-1 will be in range within a couple
> > of years at the current rate of weakening.
> Well, yes, there also reverse SHA1 tables exist  which make it
> trivial to reverse short passwords, but all this has nothing in common
> with SHA1 collisions, as far as I know.
Those are not relevant for SCRAM as SCRAM does salting to prevent simple
rainbow tables such as these from being effective.
I wanted to avoid the impression that SCRAM is directly attacked by the
collision attacks, which, from my (limited) point of view (IANAC ), it is
> I think I (more or less) said at the beginning of this year that the sky
> was absolutely not falling. But SHA-1 is showing its first signs of
> weakness, so it's prudent to start planning a strategy for moving along to
> SHA-256 or something.
> I agree with you that we can move at whatever speed feels most comfortable
> - there are no dragons breathing down the backs of our necks on this. As I
> say, we have, it seems, a couple of years.
: I Am Not A Cryptographer
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: This is a digitally signed message part.
More information about the Standards