On Fri, Oct 02, 2009 at 01:17:26PM -0500, Nicolas Williams wrote: > On Fri, Oct 02, 2009 at 06:14:47PM +0100, Alexey Melnikov wrote: > > On Thu, Sep 24, 2009 at 2:22 AM, Ben Campbell <ben@xxxxxxxxxxxx> wrote: > > > I'm no crypto expert, so please forgive me if this is silly--but isn't there > > > a movement to phase out sha-1? If so, should that be the default "must > > > implement" hash for a new mechanism? > > > > My understanding is that use of SHA-1 under HMAC is still considered reasonable. > > The WG debated at length use of SHA-1 versa use of SHA-256, etc. and decided > > to proceed with SHA-1, because it is more frequently implemented in libraries > > and hardware. > > This matter has come up elsewhere, such as in the KRB-WG. NIST has not > obsoleted the use of HMAC-SHA-1, though I don't have a reference handy > at the moment (but a quick search of the KRB-WG mailing list and, maybe, > the krbdev@xxxxxxx list should yield one). http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html "After 2010, Federal agencies may use SHA-1 only for the following applications: hash-based message authentication codes (HMACs); key derivation functions (KDFs); and random number generators (RNGs). Regardless of use, NIST encourages application and protocol designers to use the SHA-2 family of hash functions for all new applications and protocols." Nico -- _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf