apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@links.org>
Subject Re: SHA256 and friends.
Date Fri, 20 Jan 2017 15:02:02 GMT
On 20 January 2017 at 14:52, Dirk-Willem van Gulik <dirkx@webweaving.org> wrote:
>
>> On 20 Jan 2017, at 15:46, Ben Laurie <ben@links.org> wrote:
>>
>> On 20 January 2017 at 14:36, Dirk-Willem van Gulik <dirkx@webweaving.org> wrote:
>>> On 20 Jan 2017, at 13:00, Ben Laurie <ben@links.org> wrote:
>>>
>>>> Why do you need the obsolete hash functions?
>>>
>>> I am still in the middle of some inventory work with the help of a few friendly
enterprise & cloud folks.
>>>
>>> But it is nog looking good -- so far its seems that:
>>>
>>> -       md4 is rarely used (i,e.a actually called).
>>>
>>> -       md5 is very often used for
>>>        - salted password
>>>        - creating all sorts of unguessable IDs.
>>>        - generation of a randomish token/digest
>>>        - creating/protecting session cookies
>>>        - creating 12/23/34/1221231.txt file trees or similar equal wear file
/ tmp file fanout.
>>>        - checksumming a file along the lines of taking an fstat() snapshot.
>>>        - commonly used UUID gen.
>>>        - content-digest generation for things like cache headers, imap/sieve
breakout.
>>>        - file integrity.
>>>
>>> -       sha1 is used a factor 10x less. Mostly:
>>>        - salted password
>>>        - creating/protecting session cookies
>>>
>>> -       sha256 && 512 seems to be used about as often md4.
>>>
>>> Though nothing stopping us from having a snotty warning/#define to discourage
use - and  wack the 60  or so distinct places/ where MD5 is currently used in subversion/httpd
and friends and upping this to at least sha256.
>>>
>>> I guess cryptographically there is little point between an MD5 and the last 16
bytes of a SHA256 ? Correct ?
>>
>> Not sure what question you're asking?
>
> So MD5 seems by far the dominant digest method. MOST is actually just to get a nice hash/randmomish
thing.  Or just simple integrety.
>
> Only in a few cases does it actually need to be an MD5 for interoperability (E.g. the
Content-MD5 header of htttp, the salted-MD5 against an existing htpassword file).
>
> In most other cases it could silently be replaced by the last 16 bytes of a SHA256 (and
in quite a few cases; buffer issues permitting; in a full SHA256).
>
> So is, from a security perspective, the last 16 bytes of a SHA256 over a given datablock
equivalent to a MD5 over the same datablock. In terms of being able to determine the outcome;
i.e. produce clashing hashes/synthesise data with the same (partial) hash ?
>
> Or are the last* 16 bytes of a SHA256 'harder' to control ?

Last 16 of SHA-256 is stronger than MD5 because, unlike MD5, it hasn't
been broken.

> Because in that case we get some nice middle ground,
>
> Dw.
>
> Or an XOR fold of all its byte into 16.
>
>
>
>
>
>
>
>

Mime
View raw message