Hi Jeff:

Jeffrey Walton wrote:
> Hi Doctor,
>
> From the docs:
> SHA1 is the digest of choice for new applications.
>
> It appears the docs are a bit dated. Depending on the application, I
> believe NIST recommends that new applications use SHA-2 family (circa
> 2006 [1]), and requires SHA-2 after 2010 [2]. Considering McDonald,
> Hawkes, and Pieprzyk the security level of SHA-1 to 2^52 (Eurocrypt
> 2009), SHA-2 should probably be recommended.
>

Except that until recently, very few applications could actually handle the SHA-2 hash suite. If I am not mistaken, you need to have at least WinXP SP3 or higher to be able to handle this (assuming that you have a server that is OpenSSL based, and a client that is Win CAPI based). Since quite a few folks out there on the Interwebs still haven't adopted this, if you make your application rely on SHA-2, you will have a substantial portion of your user base that won't be able to interact with your application.

So, while the documentation should probably recommend SHA-2, practical considerations need to be taken into consideration for actual deployment. I fully agree - we should all move to the "Suite-B" NSA recommendations, but practically, this would mean that a substantial portion of the world's users would not be able to interact with that application.

Now, MD-5, on the other hand, just needs to be categorically disabled (aside from the one corner case in TLS handshakes where it's actually not dangerous) :)

Have fun.

Patrick.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
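Since the thread turns on which digest a deployment's certificates are actually signed with, here is an added example (not from the thread or from OpenSSL) that reads the signatureAlgorithm OID straight out of a DER-encoded certificate and classifies it as MD5 (reject), SHA-1 (legacy) or SHA-2 (ok). The `constructed_cert` helper builds a structurally valid but otherwise empty Certificate SEQUENCE purely as constructed sample input; on a real certificate you would pass the bytes of the DER file instead.

```python
# Minimal DER reader: returns (tag, body, position after the element).
def _read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:                      # base-128, high bit = continue
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

# Digest used by common X.509 signature algorithm OIDs.
SIG_ALG_DIGEST = {
    "1.2.840.113549.1.1.4": "MD5",      "1.2.840.113549.1.1.5": "SHA-1",
    "1.2.840.113549.1.1.11": "SHA-256", "1.2.840.113549.1.1.12": "SHA-384",
    "1.2.840.113549.1.1.13": "SHA-512", "1.2.840.10045.4.1": "SHA-1",
    "1.2.840.10045.4.3.2": "SHA-256",   "1.2.840.10045.4.3.3": "SHA-384",
}

def cert_signature_digest(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }."""
    tag, cert, _ = _read_tlv(der, 0)
    assert tag == 0x30, "not a DER SEQUENCE"
    _, _tbs, pos = _read_tlv(cert, 0)               # skip tbsCertificate
    _, sig_alg, _ = _read_tlv(cert, pos)            # AlgorithmIdentifier
    oid_tag, oid_body, _ = _read_tlv(sig_alg, 0)
    assert oid_tag == 0x06, "AlgorithmIdentifier must start with an OID"
    oid = _decode_oid(oid_body)
    return oid, SIG_ALG_DIGEST.get(oid, "unknown")

def classify(digest):
    """Deployment policy: MD5 out, SHA-1 flagged for migration, SHA-2 accepted."""
    return {"MD5": "reject", "SHA-1": "legacy"}.get(
        digest, "ok" if digest.startswith("SHA-") else "unknown")

# --- constructed sample input (NOT a real certificate) -------------------
def _tlv(tag, body):
    n = len(body)
    length = bytes([n]) if n < 0x80 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + length + body

def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a := a >> 7:
            chunk.insert(0, 0x80 | (a & 0x7F))
        out += bytes(chunk)
    return bytes(out)

def constructed_cert(sig_oid):
    tbs = _tlv(0x30, b"")                                   # empty TBS
    alg = _tlv(0x30, _tlv(0x06, _encode_oid(sig_oid)) + _tlv(0x05, b""))
    return _tlv(0x30, tbs + alg + _tlv(0x03, b"\x00" * 5))  # dummy signature
```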