On Wed, 2014-06-04 at 16:15 +0200, Till Maas wrote:
> On Thu, Mar 27, 2014 at 12:13:33PM +0100, Nikos Mavrogiannopoulos wrote:
> 
> > =====FUTURE======
> > A level that will provide security on a conservative level that is
> > believed to withstand any near-term future attacks. That will be
> > a 128-bit security level, without including protocols with known
> > attacks available (e.g. SSL 3.0/TLS 1.0). This level may prevent
> > communication with commonly used systems that provide weaker security
> > levels (e.g., systems that use SHA-1 as signature algorithm).
> > 
> > MACs: SHA1+
>           ^^^^^
> > Curves: All supported
> > Signature algorithms: must use SHA-256 hash or better
> > Ciphers: AES-GCM, AES-CBC, CAMELLIA-GCM, CAMELLIA-CBC
> > Key exchange: ECDHE, RSA, DHE
> > DH params size: 2048+
> > RSA params size: 2048+
> > SSL Protocols: TLS1.1+
> 
> Why is SHA1+ allowed as MAC here?

SHA1 has a 128-bit security level when used within HMAC for message
authentication. You cannot apply a birthday attack to message
authentication.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
(You'll never know whether the road is wrong though.)

-- 
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
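The FUTURE level quoted in the thread is a set of per-connection constraints that a policy engine has to apply. As an added example (not code from the thread, nor from any Fedora crypto-policies tool), the following Python encodes those constraints as data and checks constructed connection descriptions against them. The field names (`protocol`, `kx`, `cipher`, `mac`, `sig_hash`, `dh_bits`, `rsa_bits`) and the three sample parameter sets are assumptions made for illustration. The check keeps SHA-1 acceptable as an HMAC digest ("MACs: SHA1+") while rejecting it as a signature hash ("SHA-256 hash or better"), which is the distinction the reply above draws.

```python
"""Check TLS connection parameters against the proposed FUTURE policy level.

Added example, not code from the mailing-list thread or from any real policy
tool; every connection description below is constructed for illustration.
"""

# Digest sizes in bits, used to compare "SHA1+" and "SHA-256 or better".
HASH_BITS = {"MD5": 128, "SHA1": 160, "SHA256": 256, "SHA384": 384, "SHA512": 512}

# The FUTURE level as quoted in the thread, encoded as data.
FUTURE = {
    "min_mac_hash": "SHA1",          # MACs: SHA1+
    "min_sig_hash": "SHA256",        # Signature algorithms: SHA-256 hash or better
    "ciphers": {"AES-GCM", "AES-CBC", "CAMELLIA-GCM", "CAMELLIA-CBC"},
    "key_exchange": {"ECDHE", "RSA", "DHE"},
    "min_dh_bits": 2048,             # DH params size: 2048+
    "min_rsa_bits": 2048,            # RSA params size: 2048+
    "min_protocol": (1, 1),          # SSL Protocols: TLS1.1+
}


def _hash_ok(name, minimum):
    """True if digest `name` is at least as wide as digest `minimum`.

    Unknown digest names are rejected: a policy check must fail closed.
    """
    return name in HASH_BITS and HASH_BITS[name] >= HASH_BITS[minimum]


def check_future(params, policy=FUTURE):
    """Return the list of policy violations for one connection description.

    `params` keys (field names are assumptions made for this example):
      protocol  - (major, minor) TLS version, e.g. (1, 2)
      kx        - key exchange name, e.g. "ECDHE"
      cipher    - cipher name, e.g. "AES-GCM"
      mac       - HMAC digest name, or "AEAD" when the cipher authenticates itself
      sig_hash  - digest used for the certificate / handshake signature
      dh_bits   - DH group size, required when kx is "DHE"
      rsa_bits  - RSA key size, checked whenever present
    """
    violations = []

    if params["protocol"] < policy["min_protocol"]:
        violations.append("protocol TLS%d.%d below minimum" % params["protocol"])

    if params["kx"] not in policy["key_exchange"]:
        violations.append("key exchange %s not allowed" % params["kx"])

    if params["cipher"] not in policy["ciphers"]:
        violations.append("cipher %s not allowed" % params["cipher"])

    # An AEAD (GCM) suite has no separate HMAC; otherwise apply "SHA1+".
    # HMAC only needs second-preimage style resistance, so SHA-1 passes here.
    if params["mac"] != "AEAD" and not _hash_ok(params["mac"], policy["min_mac_hash"]):
        violations.append("MAC digest %s below minimum" % params["mac"])

    # Signatures are exposed to collision (birthday) attacks, so the bar is higher.
    if not _hash_ok(params["sig_hash"], policy["min_sig_hash"]):
        violations.append("signature hash %s below minimum" % params["sig_hash"])

    if params["kx"] == "DHE" and params.get("dh_bits", 0) < policy["min_dh_bits"]:
        violations.append("DH parameters %d bits below minimum" % params.get("dh_bits", 0))

    if "rsa_bits" in params and params["rsa_bits"] < policy["min_rsa_bits"]:
        violations.append("RSA key %d bits below minimum" % params["rsa_bits"])

    return violations


def accepted(params, policy=FUTURE):
    """True when the connection meets every FUTURE constraint."""
    return not check_future(params, policy)


# Constructed connection descriptions exercising the SHA-1 distinction.
HMAC_SHA1_SUITE = {          # HMAC-SHA1 as MAC, SHA-256 signature: accepted
    "protocol": (1, 2), "kx": "DHE", "cipher": "AES-CBC",
    "mac": "SHA1", "sig_hash": "SHA256", "dh_bits": 2048, "rsa_bits": 2048,
}
SHA1_SIGNED_CERT = {         # same suite, but the signature uses SHA-1: rejected
    **HMAC_SHA1_SUITE, "sig_hash": "SHA1",
}
LEGACY_CONNECTION = {        # TLS 1.0, RC4, HMAC-MD5, SHA-1 signature, 1024-bit RSA
    "protocol": (1, 0), "kx": "RSA", "cipher": "RC4",
    "mac": "MD5", "sig_hash": "SHA1", "rsa_bits": 1024,
}

if __name__ == "__main__":
    for name, p in [("HMAC_SHA1_SUITE", HMAC_SHA1_SUITE),
                    ("SHA1_SIGNED_CERT", SHA1_SIGNED_CERT),
                    ("LEGACY_CONNECTION", LEGACY_CONNECTION)]:
        print(name, "accepted" if accepted(p) else check_future(p))
```

Encoding the level as a dictionary rather than as scattered `if` statements means the same checker can evaluate several levels side by side, and the unknown-digest case fails closed, which matters for a policy that is meant to exclude algorithms added later with weaker properties.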