[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SHA 1 vs. SHA 256 for Root CA

To: Paul Hoffman <paul.hoffman@xxxxxxxx>, ietf-pkix@xxxxxxx
Subject: Re: SHA 1 vs. SHA 256 for Root CA
From: Russ Housley <housley@xxxxxxxxxxxx>
Date: Mon, 29 Jan 2007 14:09:34 -0500
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <BAY106-F33A6ECAF0FBDCF9F789787FCA70@xxxxxxx> <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx


Paul:

According to the NIST recommendations 2^80 (the strength of SHA-1ifnone of the attacks prove to be fruitful) is useful for digitalsignatures until 2010.

The request was about signatures that need to stand for 20 years --if they are signed today, that is 2027. The NIST recommendations forbeyond 2030 seem appropriate, which recommend SHA-256 and a key sizeof 3072 bits.


Russ

At 12:22 PM 1/29/2007, Paul Hoffman wrote:

At 9:38 AM -0500 1/29/07, ROGER YOUNGLOVE wrote:
i believe that SHA1 is not sufficent for a 20 year root CA lifespan.
It would be useful to know where that belief comes from. To date,there have been no suggestions of any weakness for SHA-1 againstpreimage attacks. Also to date, no one has suggested that it ispossible for anyone to brute-force a cryptographic primitive thatwould require 2^160 iterations.
--Paul Hoffman, Director
--VPN Consortium

References:
- SHA 1 vs. SHA 256 for Root CA
  - From: ROGER YOUNGLOVE
- Re: SHA 1 vs. SHA 256 for Root CA
  - From: Paul Hoffman

Prev by Date: RE: SHA 1 vs. SHA 256 for Root CA
Next by Date: RE: SHA 1 vs. SHA 256 for Root CA
Previous by thread: RE: SHA 1 vs. SHA 256 for Root CA
Next by thread: asn.1 modules in 3280bis
Index(es):
- Date
- Thread