[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crypto agility in SCRAM + draft-josefsson-password-auth?

To: Chris Newman <Chris.Newman@xxxxxxx>
Subject: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
From: Simon Josefsson <simon@xxxxxxxxxxxxx>
Date: Thu, 27 Mar 2008 11:36:16 +0100
Cc: ietf-sasl@xxxxxxx
In-reply-to: <> (Chris Newman's message of "Mon, 24 Mar 2008 18:16:18 -0700")
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

Chris Newman <Chris.Newman@xxxxxxx> writes:

> --On March 21, 2008 12:50:26 -0400 Sam Hartman <hartmans-ietf@xxxxxxx>
> wrote:
>> I don't think md5 should be used for a new mechanism.
>> Sha-1 is very widely available in C, Java and other languages.
>> I think you may get significant pushback in ietf last call to the use of
>> md5 in something new; I I know I'll be part of that.
>
>> From a theoretical security viewpoint, I would go with SHA-256 as
>> it's best 
> available algorithm choice today.
>
> But a security mechanism that doesn't deploy provides zero incremental
> security to the community regardless of how strong the theoretical
> security happens to be.
>
> So I consider the question "will this deploy?" significantly more
> important to the security of the mechanism than any particular choice
> of algorithm. On that basis, any security algorithm that is widely
> deployed and used in application-layer code (e.g. MD5, HMAC) has a big
> advantage over algorithms that have not deployed in application-layer
> code.
>
> I know MD5 won't be a deployment barrier.
> I think SHA-1 won't be a deployment barrier.
> I think SHA-256 will be a deployment barrier.
>
> So I presently lean towards SHA-1, but I'd like statements from likely
> or potential implementers about the algorithms we're discussing.

I would not implement a new protocol with MD5 in it at this point.

Using HMAC-SHA-1 would be ok with me, although I would prefer
HMAC-SHA-256.

> SHA-256 isn't in my code toolkit, is not something I can code from
> scratch and finding a cross-platform way to use it that's thread &
> library safe and has a company approved OSS is not something I have
> investigated.  I can't make a commitment until I investigate it.

I suggest you read RFC 4648, and look at the source code provided in it.
An implementation donated into the public domain is available from:
<http://people.redhat.com/drepper/SHA-crypt.txt>.

/Simon

Follow-Ups:
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: ned+ietf-sasl

References:
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Chris Newman

Prev by Date: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Next by Date: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Previous by thread: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Next by thread: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Index(es):
- Date
- Thread