Change the default from SHA1 #77
Comments
That particular aspect is incorrect, but I agree we should change the default. |
|
Are we okay with SHA-256? Should be fine, just want to make sure. Could also just go all the way to SHA-512. |
|
SHA-512 performs 80 rounds with a blocksize of 1024 bits, whilst SHA-256 performs 64 rounds with a blocksize of 512 bits. This leads to SHA-512 being faster on 64-bit machines for message lengths of more than a few hundred bits. There are potential legacy client support issues with SHA-512 vs SHA-256, but performance at least should not be a reason to only use SHA-256 (and in fact may be a reason to use SHA-512). |
|
Hmm, looks like this already came up before in #66, which I closed because hash security isn't representative of HMAC security. Is there actually any issue with SHA-1 as it's used in this library? |
|
Looks like you're right about that, closing. |
|
See this chat transcript for more discussion: http://chat.stackoverflow.com/transcript/message/35836840#35836840 |
|
I would vote to still upgrade to sha256 for added security. |
|
Unfortunately, I'm out of my element here. Is it actually adding any security as opposed to just taking longer to generate longer hashes? I emailed the cryptography-dev mailinglist to see if some devs with more experience in this area could weigh in. (Hopefully that was the right place to ask.) |
|
With current knowledge it doesn't change anything, but it just seems generally safer should that knowledge change. |
|
See #80, I'm upgrading this to SHA-512 after more discussion. |
SHA1 has been demonstrated to have collisions in the wild (https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html), the default should be changed to e.g. SHA256
The text was updated successfully, but these errors were encountered: