[Cryptography] Safe/Unsafe Hashing Algorithms in WinCrypt.h

Ankit Khandelwal ankit.khandelwal.1980 at gmail.com
Thu Nov 19 08:51:35 EST 2015


Hello Everyone,

I am trying to make a list of safe hashing algorithms present in
WinCrypt.h. This list would be used to implement a whitelist or blacklist
approach in my hash verification algorithm for Windows.

Reference:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa381133(v=vs.85).aspx

Below is the current status of the list. Can anyone please provide some
input on it? As of now, I have added the MDx family and SHA1 to the unsafe
list.

*szOID_RSA_HASH*

RSA signing (encryption) algorithm that uses a hashing algorithm to hash
the content before signing it.

*szOID_RSA_SHA1RSA*

RSA is used to encrypt the content and to sign the content hash created by
using the Secure Hashing Algorithm (SHA) algorithm.

unsafe

*szOID_RSA_SHA256RSA*

RSA is used to encrypt the content and to sign the hash created by using
the Secure Hashing Algorithm 256 (SHA256) algorithm.

safe

*szOID_RSA_SHA384RSA*

RSA is used to encrypt the content and to sign the hash created by using
the Secure Hashing Algorithm 384 (SHA384) algorithm.

safe

*szOID_RSA_SHA512RSA*

RSA is used to encrypt the content and to sign the hash created by using
the Secure Hashing Algorithm 512 (SHA512) algorithm.

safe

*szOID_X957_SHA1DSA*

Digital Signature Algorithm (DSA) coupled with the Secure Hashing Algorithm
(SHA) algorithm.

unsafe

*szOID_ECDSA_SHA1*

Elliptic curve Digital Signature Algorithm (DSA) coupled with the Secure
Hashing Algorithm (SHA) algorithm.

unsafe

*szOID_ECDSA_SHA256*

Elliptic curve Digital Signature Algorithm (DSA) coupled with the Secure
Hashing Algorithm (SHA256) algorithm.

safe

*szOID_ECDSA_SHA384*

Elliptic curve Digital Signature Algorithm (DSA) coupled with the Secure
Hashing Algorithm (SHA384) algorithm.

safe

*szOID_ECDSA_SHA512*

Elliptic curve Digital Signature Algorithm (DSA) coupled with the Secure
Hashing Algorithm (SHA512) algorithm.

safe

*szOID_OIWSEC_shaDSA*

NIST OSE Implementors' Workshop (OIW) Security Digital Signature Algorithm
(DSA) that uses the Secure Hashing Algorithm (SHA) to hash the message
contents.

*szOID_OIWSEC_shaRSA*

NIST OSE Implementors' Workshop (OIW) Security RSA algorithm coupled with
the Secure Hashing Algorithm (SHA).

*szOID_OIWSEC_sha*

NIST OSE Implementors' Workshop (OIW) Security Secure Hashing Algorithm
(SHA).

*szOID_OIWSEC_dsaCommSHA*

NIST OSE Implementors' Workshop (OIW) Security Digital Signature Algorithm
(DSA) coupled with the Secure Hashing Algorithm (SHA).

*szOID_OIWSEC_keyHashSeal*

NIST OSE Implementors' Workshop (OIW) Security hashing algorithm.

*szOID_OIWSEC_md2RSASign*

NIST OSE Implementors' Workshop (OIW) Security RSA algorithm coupled with
the Message Digest (MD2) hashing algorithm.

unsafe

*szOID_OIWSEC_md5RSASign*

NIST OSE Implementors' Workshop (OIW) Security RSA algorithm coupled with
the Message Digest (MD5) hashing algorithm.

unsafe

*szOID_OIWSEC_sha1*

NIST OSE Implementors' Workshop (OIW) Security Secure Hashing (SHA1)
algorithm.

unsafe

*szOID_OIWSEC_dsaSHA1*

NIST OSE Implementors' Workshop (OIW) Security Digital Signature Algorithm
(DSA) that uses the Secure Hashing Algorithm 1 (SHA1).

unsafe

*szOID_OIWSEC_dsaCommSHA1*

NIST OSE Implementors' Workshop (OIW) Security Digital Signature Algorithm
(DSA) that uses the Secure Hashing Algorithm 1 (SHA1).

unsafe

*szOID_OIWSEC_sha1RSASign*

NIST OSE Implementors' Workshop (OIW) Security RSA algorithm that uses the
Secure Hashing Algorithm 1 (SHA1).

unsafe

*szOID_OIWDIR_HASH*

NIST OSE Implementors' Workshop (OIW) Directory generic hashing algorithm.

*szOID_OIWDIR_md2RSA*

NIST OSE Implementors' Workshop (OIW) Directory RSA algorithm coupled with
the Message digest (MD2) hashing algorithm.

unsafe

*szOID_NIST_sha256*

Secure hashing algorithm (SHA) that uses a 256 bit key.

safe

*szOID_NIST_sha384*

Secure hashing algorithm (SHA) that uses a 384 bit key.

safe

*szOID_NIST_sha512*

Secure hashing algorithm (SHA) that uses a 512 bit key.

safe

-- 
Thanks,
@Ankit
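
Added example, not part of the original post: a sketch of the whitelist and blacklist checks the post describes, using the post's own safe/unsafe marks for signature OIDs. It shows that an entry the post leaves unmarked (szOID_OIWSEC_shaRSA) or an unknown OID passes a blacklist but fails a whitelist. The function names are hypothetical and the OID strings are repeated from wincrypt.h so the file builds without the Windows SDK.

```c
#include <stdio.h>
#include <string.h>

/* OID strings for the wincrypt.h names in the post, repeated here so the
   file builds without the Windows SDK. */
#ifndef szOID_RSA_SHA256RSA
#define szOID_RSA_SHA1RSA        "1.2.840.113549.1.1.5"
#define szOID_RSA_SHA256RSA      "1.2.840.113549.1.1.11"
#define szOID_RSA_SHA384RSA      "1.2.840.113549.1.1.12"
#define szOID_RSA_SHA512RSA      "1.2.840.113549.1.1.13"
#define szOID_ECDSA_SHA256       "1.2.840.10045.4.3.2"
#define szOID_ECDSA_SHA384       "1.2.840.10045.4.3.3"
#define szOID_ECDSA_SHA512       "1.2.840.10045.4.3.4"
#define szOID_OIWSEC_shaRSA      "1.3.14.3.2.15"
#define szOID_OIWSEC_md5RSASign  "1.3.14.3.2.25"
#define szOID_OIWSEC_sha1RSASign "1.3.14.3.2.29"
#endif
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Signature OIDs the post marks "safe". */
static const char *const kSafe[] = {
    szOID_RSA_SHA256RSA, szOID_RSA_SHA384RSA, szOID_RSA_SHA512RSA,
    szOID_ECDSA_SHA256, szOID_ECDSA_SHA384, szOID_ECDSA_SHA512 };
/* Signature OIDs the post marks "unsafe" (subset shown). */
static const char *const kUnsafe[] = {
    szOID_RSA_SHA1RSA, szOID_OIWSEC_md5RSASign, szOID_OIWSEC_sha1RSASign };

static int in_list(const char *oid, const char *const *list, size_t n) {
    for (size_t i = 0; oid != NULL && i < n; i++)
        if (strcmp(oid, list[i]) == 0) return 1;
    return 0;
}

/* Whitelist: default deny; only OIDs explicitly marked safe pass. */
int whitelist_accepts(const char *oid) { return in_list(oid, kSafe, COUNT(kSafe)); }
/* Blacklist: default allow; anything not marked unsafe passes. */
int blacklist_accepts(const char *oid) {
    return oid != NULL && !in_list(oid, kUnsafe, COUNT(kUnsafe));
}

int main(void) {
    /* Constructed inputs; the last one is a made-up OID not in any list. */
    const char *in[] = { szOID_RSA_SHA256RSA, szOID_RSA_SHA1RSA,
                         szOID_OIWSEC_shaRSA, "1.2.3.4" };
    for (size_t i = 0; i < COUNT(in); i++)
        printf("%-22s whitelist=%d blacklist=%d\n", in[i],
               whitelist_accepts(in[i]), blacklist_accepts(in[i]));
    return 0;
}
```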