apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: SHA256 and friends.
Date Fri, 20 Jan 2017 15:19:07 GMT

> On 20 Jan 2017, at 16:02, Ben Laurie <ben@links.org> wrote:
> On 20 January 2017 at 14:52, Dirk-Willem van Gulik <dirkx@webweaving.org> wrote:
>>> On 20 Jan 2017, at 15:46, Ben Laurie <ben@links.org> wrote:
>>> On 20 January 2017 at 14:36, Dirk-Willem van Gulik <dirkx@webweaving.org>
>>>> On 20 Jan 2017, at 13:00, Ben Laurie <ben@links.org> wrote:
>>>>> Why do you need the obsolete hash functions?
>>>> I am still in the middle of some inventory work with the help of a few friendly
enterprise & cloud folks.
>>>> But it is nog looking good -- so far its seems that:
>>>> -       md4 is rarely used (i,e.a actually called).
>>>> -       md5 is very often used for
>>>>       - salted password
>>>>       - creating all sorts of unguessable IDs.
>>>>       - generation of a randomish token/digest
>>>>       - creating/protecting session cookies
>>>>       - creating 12/23/34/1221231.txt file trees or similar equal wear file
/ tmp file fanout.
>>>>       - checksumming a file along the lines of taking an fstat() snapshot.
>>>>       - commonly used UUID gen.
>>>>       - content-digest generation for things like cache headers, imap/sieve
>>>>       - file integrity.
>>>> -       sha1 is used a factor 10x less. Mostly:
>>>>       - salted password
>>>>       - creating/protecting session cookies
>>>> -       sha256 && 512 seems to be used about as often md4.
>>>> Though nothing stopping us from having a snotty warning/#define to discourage
use - and  wack the 60  or so distinct places/ where MD5 is currently used in subversion/httpd
and friends and upping this to at least sha256.
>>>> I guess cryptographically there is little point between an MD5 and the last
16 bytes of a SHA256 ? Correct ?
>>> Not sure what question you're asking?
>> So MD5 seems by far the dominant digest method. MOST is actually just to get a nice
hash/randmomish thing.  Or just simple integrety.
>> Only in a few cases does it actually need to be an MD5 for interoperability (E.g.
the Content-MD5 header of htttp, the salted-MD5 against an existing htpassword file).
>> In most other cases it could silently be replaced by the last 16 bytes of a SHA256
(and in quite a few cases; buffer issues permitting; in a full SHA256).
>> So is, from a security perspective, the last 16 bytes of a SHA256 over a given datablock
equivalent to a MD5 over the same datablock. In terms of being able to determine the outcome;
i.e. produce clashing hashes/synthesise data with the same (partial) hash ?
>> Or are the last* 16 bytes of a SHA256 'harder' to control ?
> Last 16 of SHA-256 is stronger than MD5 because, unlike MD5, it hasn't
> been broken.

Ok so if we had a special #ifdef for 'TRUE_MD5 and would manually tweak/mark up the 2 or 3
that we know we need a real MD5 - we could have a 'fiddle' mode where we silently return a
better 'md5'
in the places where we would like to use a SHA256 but it is just too much hassle to adjust


View raw message