
Poupou's Corner of the Web

Looking for perfect security? Try a wireless brick.
Otherwise you may find some unperfect stuff here...


It's time to move on...

As many of you must have heard, MD5 (along with a lot of older hash algorithms) has been broken (link with nice "try it at home" instructions :-). That is, MD5 isn't collision free (neither is SHA-0, but most people don't even know it existed, so... ;-).

This can look very bad when you know how much software (or at least which parts of it) relies on MD5, e.g. SSL/TLS. However, not being collision free doesn't mean a hash algorithm is useless: collision resistance is only one of the properties a hash is expected to have, and when that property really matters, good protocols protect themselves. For example, SSL 3.0 uses a dual concatenated hash (MD5 and SHA-1 side by side, so an attacker needs a pair of messages that collides under both at once) while TLS uses an HMAC (a keyed construction with an inner and an outer hash, whose security does not rest on collision resistance alone). You can still worry about SSL/TLS as much as you like, but don't use MD5 as an easy excuse ;-)
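To make the two constructions concrete, here is an added example (written for this edit, not code from the post or from Mono.Security) that builds HMAC from a plain hash function exactly as RFC 2104 describes it, with the inner and the outer hash, and that computes the concatenated MD5||SHA-1 digest. The keys and message are constructed samples, and Python's hashlib/hmac are used only as the reference implementation to check against.

```python
import hashlib
import hmac


def hmac_manual(key: bytes, msg: bytes, hash_name: str = "md5") -> bytes:
    """HMAC as in RFC 2104: H((K xor opad) || H((K xor ipad) || msg)).

    The key is mixed into both the inner and the outer hash, so the
    attacker never controls the chaining state the message is hashed
    under (as they do when they pick colliding messages for a bare hash).
    """
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for MD5/SHA-1/SHA-256
    if len(key) > block_size:                       # long keys are hashed first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")            # short keys are zero-padded
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + msg).digest()   # inner hash
    return hashlib.new(hash_name, opad + inner).digest()  # outer hash


def dual_hash(msg: bytes) -> bytes:
    """The concatenated MD5 || SHA-1 digest (16 + 20 = 36 bytes).

    A collision here needs the same pair of messages to collide under
    both functions, so an MD5-only collision does not break it.
    """
    return hashlib.md5(msg).digest() + hashlib.sha1(msg).digest()


def self_check() -> bool:
    """Compare the hand-rolled HMAC with the standard library for keys
    shorter than, equal to and longer than the block size."""
    msg = b"The quick brown fox jumps over the lazy dog"  # constructed sample
    for key in (b"key", b"k" * 64, b"k" * 100):           # constructed sample keys
        for name in ("md5", "sha1", "sha256"):
            if hmac_manual(key, msg, name) != hmac.new(key, msg, name).digest():
                return False
    return len(dual_hash(msg)) == 36


if __name__ == "__main__":
    sample = b"The quick brown fox jumps over the lazy dog"
    print("HMAC-MD5  :", hmac_manual(b"key", sample).hex())
    print("MD5||SHA1 :", dual_hash(b"abc").hex())
    print("self-check:", self_check())
```

The point to take from the inner/outer structure is that the public MD5 collisions were found for the fixed, standard initial value; inside HMAC the message is hashed after a secret-derived block, so those colliding pairs do not carry over without knowing the key.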

There is a lot of techno-talk (and FUD) about this. Actually this isn't big news, as MD5 has been known to be weak for quite some time: RSA Laboratories has advised against using the algorithm in new designs that require collision resistance since summer 1996. For those who want to understand more in a single page, I suggest the recent article from Bruce Schneier.

Right now the main alternative is to use SHA-1 or one of the newer SHA-2 family algorithms. Here .NET users are lucky, as all the SHA algorithms are available, except for the newest SHA-224 variant. This late member was added to fill a gap in the security levels NIST is promoting (a 224-bit digest gives 112-bit collision resistance, matching two-key Triple DES).

Sadly it doesn't seem we'll get SHA-224 support in .NET Framework 2.0 (but feel free to vote for it ;-). It's even sadder considering that SHA-224 is a truncated variant of SHA-256 (like SHA-384 is of SHA-512): except for its initial values (eight 32-bit words) it runs exactly the same algorithm as SHA-256, and the last 4 bytes of the 32-byte result are discarded. That also means it costs exactly as much to compute as SHA-256, and that it is only a few lines away once you have a SHA-256 implementation.

What does this mean for Mono:: ?

Well, not much for Mono itself. But, as a framework, Mono has a kind of responsibility to provide the right tools and documentation for its developers. So the first step was to update Monodoc (the online version may not be up to date right now) with this new information. This is similar to the warnings we already had for older hash algorithms: MD2 and MD4 in Mono.Security.

The second step was to add support for SHA-224 to the Mono.Security.dll assembly so it can become part of Mono in its next release. This way we both retain API compatibility with Fx 2.0 and give Windows/MS runtime users the flexibility to use SHA-224 if they want to.

We can't really say goodbye to MD5. This algorithm will stay with us for many (many!) years; witness the need to implement MD2 and MD4 in Mono as proof of this. But we should welcome the newer ones as soon as we start designing something new ;-).


9/18/2004 20:55:12

The views expressed on this website/weblog are mine alone and do not necessarily reflect the views of my employer.