Re: [office] Passwords

[Daniel Carrera <daniel.carrera@zmsl.com>]

On Tue, 2006-28-11 at 11:11 +0000, Daniel Carrera wrote:
> Yes, that would be good. We can say that SHA1, SHA256, SHA512 and
> RIPMEND-160 are all ok (list taken from xmlenc), but all implementations
> must support at least SHA256 but preferably all.

I know this is moving further away from Florian's list, but I think we
should also include WHIRLPOOL. There are good reasons for this:

1) SHA and RIPMEND are based on the same design principles, the same as
MD4/MD5, and hashes from this family are continuously being broken (MD4,
MD5, SHA-0, SHA-1 and the original RIPMEND). Some worry that there is a
fundamental design problem (see Bruce Schneier) and we need a completely
different algorithm.

WHIRLPOOL is the only popular hash I know of that is of a different
design.

2) WHIRLPOOL is an ISO standard (ISO/IEC 10118-3), is un-patented, is
believed to be secure, and it has been recommended by the NESSIE
project.

NESSIE = New European Schemes for Signatures, Integrity and Encryption

http://en.wikipedia.org/wiki/NESSIE

I notice that NESSIE did _not_ recommend SHA-1 at all, but only the
later variants.


In fact, why don't we use the NESSIE list instead of xmlenc? NESSIE's
list is WHIRLPOOL, SHA-256, SHA-384 and SHA-512.

I would feel more comfortable using this list than the other one. And we
could say that applications must support at least WHIRLPOOL and SHA-256.

What do you think?

Cheers,
Daniel.
-- 
"I AM in shape. Round IS a shape."

This is a digitally signed message part