web-server

Cryptographic hash function security

Open • LiberalArtist opened this issue 6 years ago • 1 comment

A few places in the web server use cryptographic hash functions, specifically MD5 and SHA1:

Neither MD5 nor SHA1 are recommended anymore for general use as cryptographic hash functions. IIUC, the vulnerabilities in both cases are (so far) only with collisions, not preimages, which I think means some or all of these uses are still ok—but "I think" is not something I like to rely on when it comes to crypto.

I propose that:

  1. We should document the security considerations applicable to each use of cryptographic hash functions.
  2. If MD5 or SHA1 are insecure in any of these applications, we should replace them with better hash functions. Conveniently, racket/base now provides sha256-bytes and sha224-bytes.

LiberalArtist, Aug 17 '19 07:08

Good idea

jeapostrophe, Aug 17 '19 19:08