At 10:23 AM 3/8/2005 +0100, [EMAIL PROTECTED] writeth:
>Hello everybody,
>
>I am not quite sure which list to address, so I chose both.
>
>Regarding the news around the "breaking" of SHA1, I wonder if it is planned
>or already in the works to implement other hash algorithms like SHA256 into
>OpenSSL.
>
>Best Regards
>
>Thomas Beckmann
Well, implementing those algorithms is pretty much worthless for most users if the browsers won't implement them. Still worth a shot to try to get them to forward-implement... but there will be a lot of incompatibility for a while.

Personally, I'd just be happy with SHA512. Of course, I'm the sort of person who uses "overkill" as a noun.

It is interesting to note that SHA256 is nearly identical in implementation to SHA384 and SHA512 (i.e. once SHA256 is broken, SHA384 and SHA512 will be "broken" in the same paper, in theoretical terms, as SHA256). SHA384 and SHA512 are exactly identical except for starting conditions.

I'm actually more favorably disposed towards using a non-MD4 lookalike. SHAx looks and feels too much like MD4/MD5. Unfortunately, not very many cryptographic hashes exist that haven't been broken in some way. Development of cryptographic hashes pretty much halted back in late 1999.

I've been wondering for a while if it is possible to use multiple hashes for data needing thumbprint verification. There is a relative analogy of two metals that, separately, are weak, but when melted and made into an alloy are stronger than their separate components' total strength. Applying this idea to hashes, first use a hash like MD5, which has one family of known weaknesses. Then, use a second hash like SHA-1, which has a different, non-overlapping family of known weaknesses. The idea is that when the two cryptographically weak hashes are combined, there is no _known_ family of weakness. This means that there could still be some weaknesses, but they haven't been found yet.

Obviously, _if_ this is a valid concept, the basic principle could be applied to stronger hash algorithms that haven't been broken yet to make them that much more resilient to cryptanalysis attacks.

Note that I'm not a cryptanalyst*, but this seems very logical to me from my point of view.
* Of course, I'm sticking my nose into an area I'm a relative "newbie" in, so I'm already well prepared to insert foot in mouth.

Just a thought.

Thomas J. Hruska
[EMAIL PROTECTED]
Shining Light Productions
Home of the Nuclear Vision scripting language and ProtoNova web server.
http://www.slproweb.com/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]
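The point above about SHA384 and SHA512 sharing one design can be checked directly. The following is an added example (not code from the thread or from OpenSSL): a from-scratch SHA-512 compression loop in Python, parameterized only by the initial hash values and the output length, that reproduces both hashlib.sha512 and hashlib.sha384. The round constants and both sets of initial values are derived exactly from the cube and square roots of the first primes, as the FIPS 180 specification defines them.

```python
import hashlib
import math
import struct

MASK = (1 << 64) - 1

def rotr(x, n):
    return ((x >> n) | (x << (64 - n))) & MASK

def icbrt(n):
    # Exact integer cube root by Newton's method, starting from an overestimate.
    x = 1 << ((n.bit_length() + 2) // 3)
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            return x
        x = y

def frac_bits(p, k):
    # First 64 bits of the fractional part of the k-th root of p, computed exactly.
    n = p << (64 * k)
    return (math.isqrt(n) if k == 2 else icbrt(n)) & MASK

P = [p for p in range(2, 410) if all(p % d for d in range(2, p))]  # first 80 primes
K = [frac_bits(p, 3) for p in P]            # 80 round constants, shared by both hashes
IV512 = [frac_bits(p, 2) for p in P[:8]]    # SHA-512 IV: sqrt of primes 2..19
IV384 = [frac_bits(p, 2) for p in P[8:16]]  # SHA-384 IV: sqrt of primes 23..53

def sha512_core(msg, iv, out_len):
    """The SHA-512 compression loop; SHA-384 differs only in iv and out_len."""
    H = list(iv)
    ml = (len(msg) * 8).to_bytes(16, "big")
    msg += b"\x80" + b"\x00" * ((111 - len(msg)) % 128) + ml  # pad to 112 mod 128, then length
    for off in range(0, len(msg), 128):
        w = list(struct.unpack(">16Q", msg[off:off + 128]))
        for i in range(16, 80):  # message schedule expansion
            s0 = rotr(w[i - 15], 1) ^ rotr(w[i - 15], 8) ^ (w[i - 15] >> 7)
            s1 = rotr(w[i - 2], 19) ^ rotr(w[i - 2], 61) ^ (w[i - 2] >> 6)
            w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
        a, b, c, d, e, f, g, h = H
        for i in range(80):  # 80 rounds of Sigma/Ch/Maj mixing
            t1 = h + (rotr(e, 14) ^ rotr(e, 18) ^ rotr(e, 41)) + ((e & f) ^ (~e & g)) + K[i] + w[i]
            t2 = (rotr(a, 28) ^ rotr(a, 34) ^ rotr(a, 39)) + ((a & b) ^ (a & c) ^ (b & c))
            a, b, c, d, e, f, g, h = (t1 + t2) & MASK, a, b, c, (d + t1) & MASK, e, f, g
        H = [(x + y) & MASK for x, y in zip(H, (a, b, c, d, e, f, g, h))]
    return b"".join(x.to_bytes(8, "big") for x in H)[:out_len]

def sha512(msg): return sha512_core(msg, IV512, 64)
def sha384(msg): return sha512_core(msg, IV384, 48)  # same loop, other IV, truncated output
def matches_hashlib(m): return sha512(m) == hashlib.sha512(m).digest() and sha384(m) == hashlib.sha384(m).digest()
```

Note that SHA-384 also truncates the final state to 48 bytes, so the two functions differ in the starting values and in how much of the result is kept, nothing else.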
