Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Points off for SHA-1 Hmac #30

Open
zenzora opened this issue Jun 19, 2015 · 2 comments
Open

Points off for SHA-1 Hmac #30

zenzora opened this issue Jun 19, 2015 · 2 comments

Comments

@zenzora
Copy link

zenzora commented Jun 19, 2015

I don't believe that the rankings should take points off for a site implementing SHA-1 HMAC as a collision attack isn't really applicable in that situation. Many secure sites, including banks, use SHA-1 HMACs without controversy.
@sibiantony
Copy link
Owner

  1. There are plenty of banks that still support old and weak cipher suites (including RC4), possibly because they have old installations and is difficult to migrate. Just that some banks use a specific cipher suite doesn't make them any secure.
  2. While rating a list of algorithms in a single cipher suite (SHA384/SHA256/SHA1), SHA1 is weak, and hence it's rated low. If you've a better rating figure, I'd welcome that. But there is clearly a difference in the strength. (Also compare ssllabs sorting of ciphersuties by strength)
  3. RFC 4868. Section 3.1. (https://tools.ietf.org/html/rfc4868#section-3). Security considerations of the proposed SHA-256+ functions vs. SHA-1 HMAC.
    Most of the security conscious and ready-to-migrate web services out there have already moved to SHA-256 based HMAC (Also AEAD GCM). Google, facebook, Github, .. just to name a few. If these services support older ciphersuites as a last preference, that is only to make older web clients happy.

@zenzora
Copy link
Author

zenzora commented Jun 19, 2015

  1. You're totally correct, just because a "secure" institution supports something doesn't mean its correct.

  2. SHA-1 is weaker than SHA-256 because of its potential for collision attacks. As such I agree that the SHA-1 hash function should be ranked lower that SHA-256 especially in regard to things such as digital signatures. When it comes to HMACs however, collision attacks are not important (the inner hash function provides protection by accepting only a fixed length string) and as such HMAC-SHA-1 as an algorithm is just as secure as 256 is. Here's what Schnier has to say on the subject (https://www.schneier.com/blog/archives/2005/02/sha1_broken.html)

  3. Section 3.1 Seems to support this

    "It is important to note that at this time, it is
    not clear that HMAC-SHA-256 with a truncation length of 128 bits is
    any more secure than HMAC-SHA1 with the same truncation length"

All in all the important issue here is the length of the key. Which in both cases in bound to 2^64

BTW, this really is a great plugin, thanks a bunch for developing it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sibiantony @zenzora