On Thu, Jan 20, 2011 at 5:01 PM, Welling, Conrad Gerhart <conrad.gerhart.well...@saic.com> wrote:
> My team just received a directive from our customer to "start using SHA-2"
> immediately. Yes, in effect, the directive is that vague, and, no, details
> have not been forthcoming! So, I intend to tell my superiors that our
> product - which uses HTTPS provided by libCurl built with OpenSSL to xfer
> files to/from clients - currently SATISFIES this directive because it is
> able to authenticate server certificates which have a digest created with
> SHA-2. In addition, if asked, I will tell them that a SHA-1 hash inside
> each encrypted message transported by SSL is satisfactory and should not be
> considered subject to the directive, unless explicitly told otherwise. In
> other words, I intend to assert that the only “place” in
> server-authenticated HTTPS where SHA-2 has crypto-significance is in
> certificate authentication. Is my assessment correct? Thanks.

It seems pretty clear that your customer wants SHA-2. So I'm going to say, NO, the assessment is not correct.

Presuming the requirement is coming from NIST, it is effective January 1 and means that a security level of 112 bits or higher is required. See SP 800-57 and SP 800-131.

So SHA-1 is out for all but Key Derivation (see SP 800-57, Part I, Table 3, p. 64). SHA-224 and higher are in. 3-key Triple DES and AES are approved; but 2-key Triple DES is out since it only affords 80 bits of security.

Also, according to NIST, certificates should now use moduli of 2048 bits. There's a patch waiting if you are interested: http://rt.openssl.org/Ticket/Display.html?id=2354.

In WWW land (wild, wild, web), all bets are off as long as the e-commerce is flowing.

Jeff
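Added example, not part of the original message or of OpenSSL: a small audit of the two certificate-level properties named in the thread (a SHA-2 signature digest and a 2048-bit RSA modulus), run over the text that `openssl x509 -noout -text` prints. The function name and the sample excerpts are constructed for illustration; it does not examine the per-record MAC of the negotiated cipher suite, which is the other point the thread discusses.

```python
import re

# Digest names as they appear inside OpenSSL signature-algorithm strings.
SHA2_DIGESTS = ("sha224", "sha256", "sha384", "sha512")
MIN_RSA_BITS = 2048  # modulus size cited in the reply above

def audit_cert_text(text):
    """Return a list of findings for one `openssl x509 -noout -text` dump."""
    findings = []
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text)
    if not sig:
        return ["no Signature Algorithm line found"]
    alg = sig.group(1)
    # Limitation: RSASSA-PSS names its digest in separate parameters and
    # would need extra parsing; this check covers sha*WithRSAEncryption
    # and ecdsa-with-SHA* style names only.
    if not any(d in alg.lower() for d in SHA2_DIGESTS):
        findings.append(f"signature digest is not SHA-2: {alg}")
    # OpenSSL 1.0+ prints "Public-Key: (N bit)";
    # 0.9.8 prints "RSA Public Key: (N bit)".
    key = re.search(r"Public[- ]Key:\s*\((\d+) bit\)", text)
    is_rsa = re.search(r"Public Key Algorithm:\s*rsaEncryption", text)
    if is_rsa and key and int(key.group(1)) < MIN_RSA_BITS:
        findings.append(
            f"RSA modulus is {key.group(1)} bits, below {MIN_RSA_BITS}")
    return findings

# Constructed excerpts in the layout `openssl x509 -noout -text` produces.
LEGACY = """\
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""
COMPLIANT = """\
Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
"""

if __name__ == "__main__":
    for name, sample in (("legacy", LEGACY), ("compliant", COMPLIANT)):
        print(name, audit_cert_text(sample) or "ok")
```

Every certificate in the chain below the trust anchor needs the same check, since each one carries its own signature.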