From: Ben Laurie
Date: Fri, 20 Jan 2017 15:02:02 +0000
Subject: Re: SHA256 and friends.
To: Dirk-Willem van Gulik
Cc: Graham Leggett, APR Developer List (dev@apr.apache.org)

On 20 January 2017 at 14:52, Dirk-Willem van Gulik wrote:
>
>> On 20 Jan 2017, at 15:46, Ben Laurie wrote:
>>
>> On 20 January 2017 at 14:36, Dirk-Willem van Gulik wrote:
>>> On 20 Jan 2017, at 13:00, Ben Laurie wrote:
>>>
>>>> Why do you need the obsolete hash functions?
>>>
>>> I am still in the middle of some inventory work with the help of a few friendly enterprise & cloud folks.
>>>
>>> But it is not looking good -- so far it seems that:
>>>
>>> - md4 is rarely used (i.e. actually called).
>>>
>>> - md5 is very often used for
>>>   - salted password
>>>   - creating all sorts of unguessable IDs.
>>>   - generation of a randomish token/digest
>>>   - creating/protecting session cookies
>>>   - creating 12/23/34/1221231.txt file trees or similar equal wear file / tmp file fanout.
>>>   - checksumming a file along the lines of taking an fstat() snapshot.
>>>   - commonly used UUID gen.
>>>   - content-digest generation for things like cache headers, imap/sieve breakout.
>>>   - file integrity.
>>>
>>> - sha1 is used a factor 10x less. Mostly:
>>>   - salted password
>>>   - creating/protecting session cookies
>>>
>>> - sha256 && 512 seem to be used about as often as md4.
>>>
>>> Though nothing stopping us from having a snotty warning/#define to discourage use - and whack the 60 or so distinct places where MD5 is currently used in subversion/httpd and friends and upping this to at least sha256.
>>>
>>> I guess cryptographically there is little point between an MD5 and the last 16 bytes of a SHA256 ? Correct ?
>>
>> Not sure what question you're asking?
>
> So MD5 seems by far the dominant digest method. MOST is actually just to get a nice hash/randomish thing. Or just simple integrity.
>
> Only in a few cases does it actually need to be an MD5 for interoperability (E.g. the Content-MD5 header of http, the salted-MD5 against an existing htpasswd file).
>
> In most other cases it could silently be replaced by the last 16 bytes of a SHA256 (and in quite a few cases; buffer issues permitting; in a full SHA256).
>
> So is, from a security perspective, the last 16 bytes of a SHA256 over a given datablock equivalent to a MD5 over the same datablock? In terms of being able to determine the outcome; i.e. produce clashing hashes/synthesise data with the same (partial) hash ?
>
> Or are the last* 16 bytes of a SHA256 'harder' to control ?

Last 16 of SHA-256 is stronger than MD5 because, unlike MD5, it hasn't been broken.

> Because in that case we get some nice middle ground,
>
> Dw.
>
> Or an XOR fold of all its bytes into 16.
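As an added example (not code from this thread or from APR), the two MD5-sized SHA-256 constructions Dirk proposes, plus a selector that keeps real MD5 only for the interoperability cases he names; the `digest16` and `fanout_path` helper names and the sample input are my own constructions:

```python
import hashlib

# Added example (not code from the thread or from APR): MD5-sized digests
# derived from SHA-256, for the "nice hash / simple integrity" uses listed.

def sha256_tail16(data: bytes) -> bytes:
    """Last 16 bytes of SHA-256(data): a 128-bit digest the size of an MD5."""
    return hashlib.sha256(data).digest()[16:]


def sha256_xor_fold16(data: bytes) -> bytes:
    """XOR-fold the two 16-byte halves of SHA-256(data) into 16 bytes."""
    d = hashlib.sha256(data).digest()
    return bytes(a ^ b for a, b in zip(d[:16], d[16:]))


def digest16(data: bytes, interop_md5: bool = False) -> bytes:
    """16-byte digest; interop_md5=True keeps real MD5 for the cases where
    the peer expects MD5 (Content-MD5, existing htpasswd entries).

    Everything else gets the SHA-256 tail, which has no known collision
    attack. Any 128-bit output is still bounded by the generic ~2^64
    birthday cost, so this is a drop-in for MD5-sized uses, not a full
    SHA-256 replacement where the buffer allows 32 bytes.
    """
    if interop_md5:
        return hashlib.md5(data).digest()
    return sha256_tail16(data)


def fanout_path(data: bytes, levels: int = 3) -> str:
    """Equal-wear directory fanout (aa/bb/cc/<hex>) from the truncated digest."""
    h = sha256_tail16(data).hex()
    parts = [h[2 * i:2 * i + 2] for i in range(levels)]
    return "/".join(parts + [h])


if __name__ == "__main__":
    msg = b"example message"  # constructed sample input
    for name, fn in (("md5", lambda d: digest16(d, interop_md5=True)),
                     ("sha256-tail16", sha256_tail16),
                     ("sha256-xorfold16", sha256_xor_fold16)):
        out = fn(msg)
        assert len(out) == 16
        print(f"{name:18s} {out.hex()}")
    print(fanout_path(msg))
```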