Re: [office] Passwords

[Daniel Carrera <daniel.carrera@zmsl.com>]

On Tue, 2006-28-11 at 10:59 +0000, Dave Pawson wrote:
> > That's a good idea, though I note that since this spec was written some
> > new attacks on SHA1 have appeared. Is it possible to say "use xmlenc
> > _except_ we change SHA256 from RECOMMENDED to REQUIRED"?
[snip]
> How about adding some flexibility for implementors.
> I.e. list  a few acceptable encryption algorithms, then require
> that an implementation record the one used, which then
> means that other implementations can use a number of algorithms
> and we can have interop?

Yes, that would be good. We can say that SHA1, SHA256, SHA512 and
RIPMEND-160 are all ok (list taken from xmlenc), but all implementations
must support at least SHA256 but preferably all.

> The informative clauses can be used to explain the rationale for
> requiring SHA256?

Yes. Developers may not know that SHA1 is becoming week rather quickly.
I just read that RSA expects a successful pre-image attack on SHA1
within 5-10 years.

http://www.heise-security.co.uk/articles/75686/2

That _would_ render SHA1 useless for passwords.

Cheers,
Daniel.
-- 
"I AM in shape. Round IS a shape."

This is a digitally signed message part