OMC VOTE: selection and handling for SHA1 and RIMPEMD160
Tomas Mraz
tomas at openssl.org
Wed Oct 12 15:51:35 UTC 2022
On Wed, 2022-10-12 at 11:00 -0400, Viktor Dukhovni wrote:
> On Wed, Oct 12, 2022 at 03:35:19PM +0200, Richard Levitte wrote:
>
> > Topic: Provider selection and handling for SHA1 and RIPEMD160
> > should be identical
> > given the current understanding of algorithm specific
> > security issues.
>
> Shouldn't real-world usage be taken into account. SHA1 is widely
> used,
> and even has important use-cases that aren't going away and where
> collision resistance is not a major concern, e.g. NSEC3 in DNSSEC
> where it is used for light obfuscation, not cryptographic signing.
>
> I am not aware of any extant protocols that rely on RIPEMD160. I
> think
> that strictly looking at security margins is misguided, real world
> usage
> needs to inform any such decision, and users should be able to easily
> keep SHA1 without bringing RIPEMD160 along for the ride.
There is one widespread "protocol" relying on RIPEMD160 - Bitcoin.
--
Tomáš Mráz, OpenSSL
More information about the openssl-project
mailing list