Subject: CAcert Code Development list.
- From: Benny Baumann <benbe AT cacert.org>
- To: cacert AT lists.cacert.org
- Cc: Developers CAcert <cacert-devel AT lists.cacert.org>
- Subject: Re: Updating default hash algorithm
- Date: Sat, 30 May 2015 13:36:33 +0200
Hi,
On 30.05.2015 at 02:41, Brian Minton wrote:
> Practically, is there any advantage to SHA-512? I thought it was
> essentially more bits of the same algorithm.
SHA2 is a whole family of hash functions with mainly SHA2-256 and
SHA2-512 as full length versions and SHA2-224 and SHA2-384 being
truncated versions respectively.
The collision resistance of the full length versions is half their hash
length (neglecting attacks) and only a few bits less when accounting for
attacks on the hash functions.
Thus when discussing the security attributes of an RSA signature done
with PKCS#1 v1.5 the important aspects are properly doing the padding
and ensuring an attacker can't produce a collision of the hash that is
to be signed. As the signature size only depends on the size of the
signing key's modulus we can scale the security by using more or less
bits in the hash function.
NB: I'd love to offer RSA-PSS[3] or RSA-OAEP[4] but unfortunately they
have so many interop issues that we are still lacking support in many
common libraries.
The difference between SHA2-256 and SHA2-512 is also in its inner
structure as can be seen in its description in Wikipedia[1][2].
>
> On Fri, May 29, 2015, 8:10 PM Hans Witvliet
> <hwit AT a-domani.nl>
> wrote:
>
>> On Fri, 2015-05-29 at 19:40 +0200, Henrik Hüttemann wrote:
>>> Ahoj everyone,
>>> as announced on 2014-06-14 at
>>>
>> https://blog.cacert.org/2014/06/selection-of-hash-algorithm-during-certificate-creation/
>>> it is time to review the decision to select SHA-256 as the default
>>> hash algorithm because Debian Jessie was released on 2015-04-25. So,
>>> how about setting SHA-512 as the default?
>>>
>>> Greetings
>>> ~Henrik "HerHde" Hüttemann
>>
>> Just a reminder...
>>
>> Some products using polarSSL can not work with SHA-512
>> Some time ago I had to switch back to SHA-256.
>>
SHA2-256 will still be available for selection. It just won't be the
default.
Do you know if and when PolarSSL fixed this interop issue?
>> Hans
>>
>
Regards,
BenBE.
[1] https://en.wikipedia.org/wiki/SHA-2#Cryptanalysis_and_validation
[2] https://en.wikipedia.org/wiki/SHA-2#Comparison_of_SHA_functions
[3] https://en.wikipedia.org/wiki/PKCS_1#Schemes
[4] https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding
P.S.: Please include the software list at cacert-devel AT l.c.o when replying.
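
Added example, not part of the original message or of CAcert's code: the EMSA-PKCS1-v1_5 encoding (RFC 8017, section 9.2) that is fed to the RSA private-key operation, showing that the signed block is always modulus-sized whichever SHA-2 variant is used, and that a short modulus cannot carry SHA2-512 at all. The function names and the sample message are assumptions made for this illustration; the collision figure is the generic birthday bound only.

```python
import hashlib

# DER DigestInfo prefixes from RFC 8017, section 9.2, note 1.
DIGEST_INFO_PREFIX = {
    "sha224": bytes.fromhex("302d300d06096086480165030402040500041c"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha384": bytes.fromhex("3041300d060960864801650304020205000430"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}


def emsa_pkcs1_v15_encode(message: bytes, hash_name: str, modulus_bits: int) -> bytes:
    """Build 0x00 0x01 FF..FF 0x00 DigestInfo, exactly modulus-length bytes."""
    em_len = (modulus_bits + 7) // 8
    digest = hashlib.new(hash_name, message).digest()
    t = DIGEST_INFO_PREFIX[hash_name] + digest
    # RFC 8017 requires at least 8 bytes of 0xFF padding (3 framing bytes + 8).
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    padding = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + padding + b"\x00" + t


def generic_collision_bits(hash_name: str) -> int:
    """Birthday bound: half the output length, ignoring cryptanalytic attacks."""
    return hashlib.new(hash_name).digest_size * 8 // 2


def summarize(hash_name: str, modulus_bits: int, message: bytes = b"constructed sample") -> dict:
    """Report block size, padding length and collision bound for one choice."""
    em = emsa_pkcs1_v15_encode(message, hash_name, modulus_bits)
    t_len = len(DIGEST_INFO_PREFIX[hash_name]) + hashlib.new(hash_name).digest_size
    return {
        "block_bytes": len(em),                # equals the signature length
        "padding_bytes": len(em) - t_len - 3,  # shrinks as the hash grows
        "collision_bits": generic_collision_bits(hash_name),
    }


if __name__ == "__main__":
    for name in ("sha256", "sha512"):
        print(name, summarize(name, 2048))
    try:
        summarize("sha512", 512)
    except ValueError as exc:
        print("512-bit modulus with sha512:", exc)
```

With a 2048-bit key both hashes yield a 256-byte block; only the amount of 0xFF padding and the collision bound change.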