[Cryptography-dev] Is SHA-1 secure when used in HMAC and PBKDF2?
John Pacific
me at johnpacific.com
Wed Mar 15 17:37:37 EDT 2017
With that said, if performance is an issue, you might want to look into
using SHA512 instead due to optimizations on 64-bit platforms.
On Mar 15, 2017 15:16, "Alex Gaynor" <alex.gaynor at gmail.com> wrote:
> It's also worth noting that the correct time to switch is not when
> something is broken, it's well before then.
>
> Alex
>
> On Wed, Mar 15, 2017 at 5:14 PM, Paul Kehrer <paul.l.kehrer at gmail.com>
> wrote:
>
>> Echoing Alex's comments, SHA1's problems do not affect HMAC constructions
>> so there's no current security issue. That said, optics in cryptography can
>> be important (as you're seeing with your user requests now). You will save
>> yourself a great deal of low grade noise in the future by simply switching
>> now.
>>
>> On March 15, 2017 at 1:53:24 PM, Alex Gaynor (alex.gaynor at gmail.com)
>> wrote:
>>
>> Hi David,
>>
>> You're correct that HMAC's security is still fine when used with SHA-1;
>> HMAC-MD5 is even secure, believe it or not.
>>
>> That said, I'd generally recommend people migrate to HMAC-SHA-256
>> anyways, to make analyzing their software easier.
>>
>> Alex
>>
>> On Wed, Mar 15, 2017 at 1:48 PM, David Lord <davidism at gmail.com> wrote:
>>
>>> Hello cryptography,
>>>
>>> Over at the Flask repos, we've had a number of requests to use SHA-256
>>> instead of SHA-1 in a couple places.
>>> Werkzeug defaults to SHA-1 as part of PBKDF2 to generate password hashes.
>>> ItsDangerous defaults to SHA-1 as part of HMAC signatures.
>>>
>>> After some discussion I concluded that as used in those two methods,
>>> SHA-1's collision issues were not relevant.
>>> However, I'd like to get a second opinion from the cryptography experts.
>>>
>>> I can change the default to SHA-256, but if it's not actually making
>>> things more secure then that's just increasing time and space for no reason.
>>>
>>> Thanks,
>>> David
>>>
>>> _______________________________________________
>>> Cryptography-dev mailing list
>>> Cryptography-dev at python.org
>>> https://mail.python.org/mailman/listinfo/cryptography-dev
>>>
>>>
>>
>>
>> --
>> "I disapprove of what you say, but I will defend to the death your right
>> to say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
>> "The people's good is the highest law." -- Cicero
>> GPG Key fingerprint: D1B3 ADC0 E023 8CA6
>>
>
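
One way to make the switch discussed in this thread without invalidating existing password hashes, as an added example that is not part of the original messages and is not Werkzeug's code: each record names its own digest and iteration count, verification uses those stored parameters, and a successful login rewrites an outdated record with the new default. The record layout, the digest allowlist, the iteration count and the function names are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Assumptions for this example: record layout, digest allowlist, iteration count.
ALLOWED_DIGESTS = {"sha1", "sha256", "sha512"}  # sha1 stays verifiable, never the default
DEFAULT_DIGEST = "sha256"
DEFAULT_ITERATIONS = 100_000


def hash_password(password, digest=DEFAULT_DIGEST, iterations=DEFAULT_ITERATIONS):
    """Return 'pbkdf2:<digest>:<iterations>$<salt hex>$<derived key hex>'."""
    if digest not in ALLOWED_DIGESTS:
        raise ValueError("unsupported digest: %r" % digest)
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"), salt, iterations)
    return "pbkdf2:%s:%d$%s$%s" % (digest, iterations, salt.hex(), dk.hex())


def verify_password(record, password):
    """Return (ok, needs_rehash). The parameters stored in the record are used,
    so existing SHA-1 records keep verifying after the default changes."""
    try:
        method, salt_hex, dk_hex = record.split("$")
        scheme, digest, iterations = method.split(":")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        iterations = int(iterations)
    except ValueError:
        return False, False  # malformed record
    # Reject anything outside the allowlist instead of passing it to hashlib.
    if scheme != "pbkdf2" or digest not in ALLOWED_DIGESTS or iterations < 1:
        return False, False
    dk = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"), salt, iterations)
    ok = hmac.compare_digest(dk, expected)  # constant-time comparison
    outdated = digest != DEFAULT_DIGEST or iterations < DEFAULT_ITERATIONS
    return ok, ok and outdated


def login(store, user, password):
    """Check a login and upgrade the stored record when it is outdated."""
    ok, needs_rehash = verify_password(store.get(user, ""), password)
    if ok and needs_rehash:
        # The plaintext is only available at login, so this is the upgrade point.
        store[user] = hash_password(password)
    return ok
```

Records for accounts that never log in again stay on the old digest, so the allowlist has to keep accepting it until those records are expired or reset.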