On St, 2014-06-04 at 16:15 +0200, Till Maas wrote:
> On Thu, Mar 27, 2014 at 12:13:33PM +0100, Nikos Mavrogiannopoulos wrote:
>
> > =====FUTURE======
> > A level that will provide security on a conservative level that is
> > believed to withstand any near-term future attacks. That will be
> > an 128-bit security level, without including protocols with known
> > attacks available (e.g. SSL 3.0/TLS 1.0). This level may prevent
> > communication with commonly used systems that provide weaker security
> > levels (e.g., systems that use SHA-1 as signature algorithm).
> >
> > MACs: SHA1+
> ^^^^^
> > Curves: All supported
> > Signature algorithms: must use SHA-256 hash or better
> > Ciphers: AES-GCM, AES-CBC, CAMELLIA-GCM, CAMELLIA-CBC
> > Key exchange: ECDHE, RSA, DHE
> > DH params size: 2048+
> > RSA params size: 2048+
> > SSL Protocols: TLS1.1+
>
> Why is SHA1+ allowed as MAC here?
SHA1 is 128 bit security level when used within HMAC for message
authentication. You cannot apply birthday attack to message
authentication.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
