Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
"Frank Ellermann" <nobody@xxxxxxxxxxxxxxxxx> writes:
> Simon Josefsson wrote:
>
>> Thus my suggestion is to hard code the crypto algorithm in SCRAMng,
>> following the simplicity of CRAM-MD5.
>
>> What do others think about this proposal?
>
> Strong ACK, no complex variants

That makes three in favor so far.

> folks wishing SHA-2* should get a SASL mechanism, I'd like to see
> MD5, that can get a different name, and offering an alternative to
> HMAC deserves its own draft with its own security considerations
> explaining "why". Skip SHA-1, for true believers in SHA-* that's too
> soon obsolete (2010). And for folks wanting a "free" algorithm
> nothing is wrong with HMAC-MD5.

There is some progress on HMAC attacks [1]. Are there any comments on
the quality of that paper?

SHA-1 is not covered by the SHA-2 patent as far as I have understood.

/Simon

[1] http://homes.esat.kuleuven.be/~kjongsun/papers/scn02006.pdf