URL: https://github.com/freeipa/freeipa/pull/500
Title: #500: Replace sha1 fingerprints with sha256

tiran commented:
Let's step on the brakes first and do a proper threat analysis. Is it really 
necessary to drop SHA-1 like a hot potato and go for SHA-256 right now? It 
still takes a lot of effort to create a SHA-1 collision. It hasn't been shown 
for certificates yet.

* SHA-1 in OTP is fine. OTP uses HMAC and truncated hashes. The attack doesn't 
apply to HMAC-SHA1. There are also severe compatibility issues. Some commonly 
used OTP generators do not support SHA1. Before we change OTP, we must make 
sure that our own OTP generator, Google's OTP generator, and Yubico's OTP 
generator in all YubiKeys work. (I'm using Yubico Authenticator over NFC).

* Is SHA-256 the correct answer? What about SHA-224 or SHA-384 or a totally 
different approach like SHA3-256? MD5, SHA-1 and SHA-2 have a similar design 
(Merkle-Damgard construct but different compression function).

* Should we replace SHA-1 with SHA-2 in a hard cut or can we safely offer both 
hashes for a while to go through a proper deprecation cycle? Do users or 
customers depend on SHA-1 hash values?
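
An added illustration of the OTP point raised in the comment above (not part of the comment and not FreeIPA's code): HOTP/TOTP as specified in RFC 4226 and RFC 6238 runs the hash inside HMAC and keeps only 31 bits of the output, and the hash is a parameter that server and token must share. The keys are the RFC test-vector seeds; `mismatches` is a hypothetical helper that counts time steps where a SHA-1 token and a SHA-256 server would disagree.

```python
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226 HOTP. `algo` names the hash used inside HMAC."""
    # The counter is an 8-byte big-endian integer; the hash is only ever
    # used keyed (HMAC), never as a bare digest of attacker-chosen data.
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    # Dynamic truncation: the low nibble of the last byte selects a
    # 4-byte window, and the top bit is masked off, leaving 31 bits.
    offset = mac[-1] & 0x0F
    window = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(window % 10 ** digits).zfill(digits)

def totp(key: bytes, unix_time: int, step: int = 30,
         digits: int = 6, algo: str = "sha1") -> str:
    """RFC 6238 TOTP: HOTP over the number of elapsed time steps."""
    return hotp(key, unix_time // step, digits, algo)

def mismatches(key: bytes, server_algo: str, token_algo: str,
               start: int = 0, steps: int = 100) -> int:
    """Count time steps where server and token codes differ (hypothetical helper)."""
    return sum(
        totp(key, start + 30 * i, algo=server_algo)
        != totp(key, start + 30 * i, algo=token_algo)
        for i in range(steps)
    )

# RFC test-vector seeds (public values from RFC 4226 / RFC 6238).
SEED_SHA1 = b"12345678901234567890"
SEED_SHA256 = b"12345678901234567890123456789012"

if __name__ == "__main__":
    print("HOTP counter 0:", hotp(SEED_SHA1, 0))
    print("TOTP t=59 sha1:", totp(SEED_SHA1, 59, digits=8))
    print("TOTP t=59 sha256:", totp(SEED_SHA256, 59, digits=8, algo="sha256"))
    # A server switched to SHA-256 while tokens still compute SHA-1
    # rejects essentially every code, which is the compatibility concern.
    print("steps that disagree:", mismatches(SEED_SHA1, "sha256", "sha1"))
```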
