Re: Using MGF1 for key generation

From: Joseph Ashwood (ashwood_at_msn.com)
Date: 08/02/05


Date: Tue, 02 Aug 2005 05:06:32 GMT


"David Wagner" <daw@taverner.cs.berkeley.edu> wrote in message
news:dclne5$m1o$4@agate.berkeley.edu...
> Joseph Ashwood wrote:
>>Generaly advice at this point is that MGF1 (based on SHA-1) should not be
>>used for new designs due to the recent breaks in SHA-1,
>
> Hmm. I guess I hadn't heard that one. Is there any justification?
> My sense is that you shouldn't use SHA1 in new systems for its
> collision-resistance, but it is fine to use SHA1-HMAC for its properties
> as a pseudorandom function.

Currently it is fine, my reasons for doing this are that as SHA-1 usefulness
is narrowed it becomes far less confusing to say "Use SHA-512, or
HMAC-SHA-512" which leads them to use SHA-512 something, than "Use SHA-512,
or HMAC-SHA-1" in which case it is very possible that they will simply use
SHA-1 with it's arguable security. Since there is a reasonable belief that
SHA-256/512 is superior to SHA-1 it seems reasonable to give only those
options. The only downside is that as Paul Rubin points out there are
reasons to use SHA-1 (or 3DES) at this point which is why I always recommend
that everyone prepare to rollover to a different cipher/hash/etc when
necessary.
                    Joe



Relevant Pages

  • Re: Using MGF1 for key generation
    ... >used for new designs due to the recent breaks in SHA-1, ... Hmm. ... Is there any justification? ...
    (sci.crypt)
  • Re: Science versus religion fnord
    ... The justification itself though is somewhat interesting. ... There are solid biological reasons for this. ... community. ... This is a little long-winded way of saying that I still am not sure ...
    (talk.origins)
  • Re: Well, that _was_ neat!
    ... Hmm, possibly NSFW, that. ... He was kicked out of the 2004 Anime Expo in LA for ... basically those reasons. ...
    (alt.sysadmin.recovery)
  • Re: OT Order yours today!
    ... If the reasons you list were used as justification for the war, ... As justification after justification ... matter how you spin it (and how many times a lie is repeated), ...
    (rec.music.makers.percussion)
  • Re: POLL -- Violence Against Women
    ... list among their possible reasons that a small woman deserved ... O - why not just ask if violence is justified under any conditions? ... any of that as any kind of a justification for the man to ... you are a dreadfully stupid cunt, ...
    (misc.writing)