[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crypto agility in SCRAM + draft-josefsson-password-auth?

To: ietf-sasl@xxxxxxx
Subject: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
From: "Frank Ellermann" <nobody@xxxxxxxxxxxxxxxxx>
Date: Fri, 28 Mar 2008 02:40:40 +0100
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Organization: <http://purl.net/xyzzy>
References: <><87y784o3mn.fsf@xxxxxxxxxxxxxxxxxxx><01MSWZHOB0B800007A@xxxxxxxxxxxxxxxxx> <87skybq16i.fsf@xxxxxxxxxxxxxxxxxxx>
Reply-to: "Frank Ellermann" <hmdmhdfmhdjmzdtjmzdtzktdkztdjz@xxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx

Simon Josefsson wrote:

> I propose to use HMAC-SHA-1.  Would you or anyone else object
> to that?

Yes, for the known reasons, I don't trust that SHA-1/2 is okay.

Unrelated, the PBKDF2 RFC and RMX draft have no examples to
check that implementations actually does what the authors
think it should do.  

 Frank

References:
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Chris Newman
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Simon Josefsson
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: ned+ietf-sasl
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Simon Josefsson

Prev by Date: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Previous by thread: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Index(es):
- Date
- Thread