Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
On Tue, Mar 18, 2008 at 04:40:03PM +0100, Simon Josefsson wrote:
> I think our choice should be between HMAC-SHA-1 and HMAC-SHA-256. I
I agree.
> don't think there are strong technical reasons to choose one over the
> other at this point. I used HMAC-SHA-256 for password-auth.
Well, I think there are strong reasons to prefer SHA-256 over SHA-1: the
existence of more attacks against SHA-1, the fact that SHA-1 will be
considered obsolete in ~two years' time.
The main reason for preferring SHA-1 over SHA-256 is that
implementations of the former are probably more widely available than of
the latter.
We can always specify multiple hash functions, make SHA-1 and SHA-256
MUST implement and RECOMMEND SHA-256. This means that implementors
without suitable SHA-256 libraries will be "non-compliant" but their
code will still be deployable, but at least we get a future-proof
mechanism (for some values of "future-proofing").
Nico
--