[Dnssec-deployment] Starting with SHA1?

Ondřej Surý ondrej.sury at nic.cz
Thu Aug 5 06:13:26 EDT 2010

I would like to point out, that I am not saying that we should panic and 
take any action now.  It's just an interesting article and it could be 
taken into account at the time you are choosing algorithm to use for 
next 3-5 years.

Size of the signature is same for RSASHA256 and RSASHA512.  And the 
difference in speed (measured by openssl speed on my laptop) also 
doesn't favor one or another (sha256 is faster for 16 bytes blocks):

The 'numbers' are in 1000s of bytes per second processed.
type       16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
sha256      9964.41k    22474.96k    38404.89k    46643.37k    50400.30k
sha512      7346.31k    29474.37k    49048.82k    71136.28k    82201.51k


On 5.8.2010 09:59, Ondřej Surý wrote:
> Paul,
> On 5.8.2010 01:27, Paul Hoffman wrote:
>> At 1:12 AM +0200 8/5/10, Ondrej Filip wrote:
>>>> I believe, this article could be interesting for you. It was
>>>> discovered by one Czech colleague. This was exactly the reason we
>>>> made a last minute change from SHA-256 to SHA-512.
>>> And here is the link - http://eprint.iacr.org/2010/430
>> Maybe you misread the paper. It says "Our attack reduces the
>> collision search, from the generic bound of 2^(n/2) to 2^(n/2-k/2)
>> number of hash calls, where hashing is done over messages of length
>> 2^k blocks." It is unlikely (actually, impossible) that any of your
>> DNS records will be 2^256 bits long.
> Correct me if I am wrong, but I don't think you need 2^256 messages long
> (n != k).
> f.e. if I have a RRSet 2^13 bits long (approx what .CZ has for DNSKEY
> RRSIG now) then the collision search is reduced to 2^(256/2)-(13/2),
> i.e. to 2^122.
> And it get's worse for TXT records which can grow bigger, doesn't it?
> Ondrej

  Ondřej Surý
  vedoucí výzkumu/Head of R&D department
  CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
  Americka 23, 120 00 Praha 2, Czech Republic
  mailto:ondrej.sury at nic.cz    http://nic.cz/
  tel:+420.222745110       fax:+420.222745112

More information about the Dnssec-deployment mailing list