[smb at cs.columbia.edu: how to phase in new hash algorithms?]

bmanning at vacation.karoshi.com bmanning at vacation.karoshi.com
Mon Mar 21 06:09:38 EST 2005


 seems to be applicable to those DNSSEC implementations that are 
 based on the OpenSSL libraries...

----- Forwarded message from "Steven M. Bellovin" <smb at cs.columbia.edu> -----

From: "Steven M. Bellovin" <smb at cs.columbia.edu>
Subject: how to phase in new hash algorithms?
Date: Wed, 16 Mar 2005 12:02:01 -0500

We all understand the need to move to better hash algorithms than SHA1. 
At a minimum, people should be switching to SHA256/384/512; arguably, 
Whirlpool is the right way to go.  The problem is how to get there from 
here.

OpenSSL 0.9.7 doesn't even include anything stronger than SHA1.  As a 
practical matter, this means that no one can use anything stronger in 
certificates, especially root certificates.  Worse yet, people can't 
use anything stronger for public consumption for at least five years 
after a stronger hash algorithm is available -- we have to wait until
most older software has died off, since most machines are never
upgraded.  This means that appearance of the code in client machines is 
on the critical path.  I've heard that OpenSSL 0.9.8 will include 
stronger hashes, but there's no work in progress to backport the code 
to 0.9.7.  

So -- what should we as a community be doing now?  There's no emergency 
on SHA1, but we do need to start, and soon.

		--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb

----- End forwarded message -----


