how to phase in new hash algorithms?
Steven M. Bellovin
smb at cs.columbia.edu
Wed Mar 16 12:02:01 EST 2005
We all understand the need to move to better hash algorithms than SHA1.
At a minimum, people should be switching to SHA256/384/512; arguably,
Whirlpool is the right way to go. The problem is how to get there from
here.
OpenSSL 0.9.7 doesn't even include anything stronger than SHA1. As a
practical matter, this means that no one can use anything stronger in
certificates, especially root certificates. Worse yet, people can't
use anything stronger for public consumption for at least five years
after a stronger hash algorith is available -- we have to wait until
most older software has died off, since most machines are never
upgraded. This means that appearance of the code in client machines is
on the critical path. I've heard that OpenSSL 0.9.8 will include
stronger hashes, but there's no work in progress to backport the code
to 0.9.7.
So -- what should we as a community be doing now? There's no emergency
on SHA1, but we do need to start, and soon.
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list