| < draft-turner-sha0-sha1-seccon-04.txt | draft-turner-sha0-sha1-seccon-05.txt > | |||
|---|---|---|---|---|
| skipping to change at page 1, line 14 ¶ | skipping to change at page 1, line 14 ¶ | |||
| Internet-Draft L. Chen | Internet-Draft L. Chen | |||
| Intended Status: Informational NIST | Intended Status: Informational NIST | |||
| Expires: August 3, 2011 S. Turner | Expires: August 3, 2011 S. Turner | |||
| IECA | IECA | |||
| P. Hoffman | P. Hoffman | |||
| VPN Consortium | VPN Consortium | |||
| February 3, 2011 | February 3, 2011 | |||
| Security Considerations for the | Security Considerations for the | |||
| SHA-0 and SHA-1 Message-Digest Algorithms | SHA-0 and SHA-1 Message-Digest Algorithms | |||
| draft-turner-sha0-sha1-seccon-04 | draft-turner-sha0-sha1-seccon-05 | |||
| Abstract | Abstract | |||
| This document includes security considerations for the SHA-0 and SHA- | This document includes security considerations for the SHA-0 and SHA- | |||
| 1 message digest algorithm. | 1 message digest algorithm. | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
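Review bot: The draft name in this hunk moves from -04 to -05, but the date (February 3, 2011) and the Expires line (August 3, 2011) are identical on both sides; if -05 was submitted on a later day, both lines should be updated along with the revision number. Separately, the Abstract says "SHA-0 and SHA-1 message digest algorithm" in the singular while the title reads "Algorithms"; suggest "algorithms" in the Abstract as well.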
| skipping to change at page 5, line 22 ¶ | skipping to change at page 5, line 22 ¶ | |||
| to ensure that selected hash algorithms provide sufficient security. | to ensure that selected hash algorithms provide sufficient security. | |||
| At the time of publication, SHA-256 [SHS] is the most commonly | At the time of publication, SHA-256 [SHS] is the most commonly | |||
| specified alternative. The known (reduced round) attacks on the | specified alternative. The known (reduced round) attacks on the | |||
| collision resistance of SHA-256 indicate a significant security | collision resistance of SHA-256 indicate a significant security | |||
| margin, and the longer message digest provides increased strength.] | margin, and the longer message digest provides increased strength.] | |||
| Nearly all IETF protocols that use signatures assume existing public | Nearly all IETF protocols that use signatures assume existing public | |||
| key infrastructures, and SHA-1 is still used in signatures nearly | key infrastructures, and SHA-1 is still used in signatures nearly | |||
| everywhere. Therefore, it is unwise to strictly prohibit the use of | everywhere. Therefore, it is unwise to strictly prohibit the use of | |||
| SHA-1 in signature algorithms. Protocols that permit the use of SHA-1 | SHA-1 in signature algorithms. Protocols that permit the use of SHA-1 | |||
| based digital signatures as an option should strong consider | based digital signatures as an option should strongly consider | |||
| referencing this document in the security considerations. | referencing this document in the security considerations. | |||
| A protocol designer might want to consider the use of SHA-1 with | A protocol designer might want to consider the use of SHA-1 with | |||
| randomized hashing such as is specified in [SP800-107]. Note that | randomized hashing such as is specified in [SP800-107]. Note that | |||
| randomized hashing expands the size of signatures and requires | randomized hashing expands the size of signatures and requires | |||
| protocols to carry material that is not needed today. HMAC-SHA-1 | protocols to carry material that is not needed today. HMAC-SHA-1 | |||
| remains secure and is the preferred keyed-hash algorithm for IETF | remains secure and is the preferred keyed-hash algorithm for IETF | |||
| protocol design. | protocol design. | |||
| 5. Security Considerations | 5. Security Considerations | |||
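Review bot: In the sentence corrected to "should strongly consider referencing this document in the security considerations", it is not clear whose security considerations are meant; suggest "in their Security Considerations sections" so it reads as guidance to the protocol specifications that permit SHA-1 based signatures. The closing statement that HMAC-SHA-1 "remains secure" also carries no citation in these lines, unlike the [SHS] and [SP800-107] references in the surrounding text; a reference supporting it would help the reader.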
| End of changes. 2 change blocks. | ||||
| 2 lines changed or deleted | 2 lines changed or added | |||