[Standards] SHA-1 use in XMPP

Jonas Wielicki jonas at wielicki.name
Fri Jun 23 08:24:22 UTC 2017


On Thursday, 22 June 2017 20:35:17 CEST Dave Cridland wrote:
> On 22 Jun 2017 19:10, "Evgeny Khramtsov" <xramtsov at gmail.com> wrote:
> 
> Thu, 22 Jun 2017 17:13:08 +0100
> 
> Dave Cridland <dave at cridland.net> wrote:
> > Well, MD5 is brute-forceable now - you can clock up a lot of them per
> > second on a stolen AWS account.
> > 
> > The advice I'm hearing is that SHA-1 will be in range within a couple
> > of years at the current rate of weakening.
> 
> Well, yes, there also exist reverse SHA1 tables [1] which make it
> trivial to reverse short passwords, but all this has nothing in common
> with SHA1 collisions, as far as I know.

Those are not relevant for SCRAM as SCRAM does salting to prevent simple 
rainbow tables such as these from being effective.

I wanted to avoid the impression that SCRAM is directly attacked by the 
collision attacks, which, from my (limited) point of view (IANAC [1]), it is 
not.


> I think I (more or less) said at the beginning of this year that the sky
> was absolutely not falling. But SHA-1 is showing its first signs of
> weakness, so it's prudent to start planning a strategy for moving along to
> SHA-256 or something.
> 
> I agree with you that we can move at whatever speed feels most comfortable
> - there are no dragons breathing down the backs of our necks on this. As I
> say, we have, it seems, a couple of years.

Agreed.


regards,
Jonas

   [1]: I Am Not A Cryptographer
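
The salting point made in the message above, as an added example that is not part of the original thread: a reverse table of unsalted SHA-1 digests recovers a short password, but fails against the StoredKey that SCRAM-SHA-1 derives per RFC 5802. The word list, salts and iteration count are constructed for the demonstration, and SASLprep normalization is skipped on the assumption of ASCII passwords.

```python
import hashlib
import hmac

def scram_stored_key(password, salt, iterations, hash_name="sha1"):
    """StoredKey as defined in RFC 5802 (SASLprep omitted: ASCII assumed)."""
    # SaltedPassword := Hi(password, salt, i), i.e. PBKDF2 with HMAC
    salted = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"),
                                 salt, iterations)
    # ClientKey := HMAC(SaltedPassword, "Client Key")
    client_key = hmac.new(salted, b"Client Key", hash_name).digest()
    # StoredKey := H(ClientKey); this is what the server keeps
    return hashlib.new(hash_name, client_key).digest()

def build_reverse_table(candidates):
    """Precomputed map: unsalted SHA-1 digest -> candidate password."""
    return {hashlib.sha1(c.encode("utf-8")).digest(): c for c in candidates}

def lookup(table, digest):
    """Return the password for a digest, or None if it is not in the table."""
    return table.get(digest)

# Constructed sample data (not taken from the thread)
WORDLIST = ["123456", "password", "hunter2", "letmein"]
TABLE = build_reverse_table(WORDLIST)
SALT_A = bytes.fromhex("00112233445566778899aabbccddeeff")
SALT_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")
ITERATIONS = 4096

def demo(password="hunter2"):
    unsalted = hashlib.sha1(password.encode("utf-8")).digest()
    key_a = scram_stored_key(password, SALT_A, ITERATIONS)
    key_b = scram_stored_key(password, SALT_B, ITERATIONS)
    return {
        "unsalted_hit": lookup(TABLE, unsalted),  # table reverses bare SHA-1
        "scram_hit_a": lookup(TABLE, key_a),      # no match: salted, iterated
        "scram_hit_b": lookup(TABLE, key_b),
        "same_password_same_key": key_a == key_b, # salts make them differ
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Passing `hash_name="sha256"` gives the SCRAM-SHA-256 derivation; the table lookup fails the same way because the salt and iteration count, not the choice of hash, are what defeat the precomputation.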