Hello all.
SHA-1 is used in many places throughout XMPP. Examples include authentication mechanisms (SCRAM-SHA-1) and entity capabilities (XEP-0115), for instance. Concerning the recent report about vulnerabilities found in SHA-1, should there be an effort to upgrade all these to SHA-256 or later? Best regards, Peter Waher Ref: https://www.wired.com/2017/02/common-cryptographic-tool-turns-majorly-insecure/ [https://www.wired.com/wp-content/uploads/2017/02/Cryptography-2x1-1200x630-e1487801673377.jpg]<https://www.wired.com/2017/02/common-cryptographic-tool-turns-majorly-insecure/> A Super-Common Crypto Tool Turns Out to Be Super-Insecure<https://www.wired.com/2017/02/common-cryptographic-tool-turns-majorly-insecure/> www.wired.com NIST has been warning about vulnerabilities in its SHA-1 cryptographic hash function for years, but some services still use it and the threats are growing.
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org _______________________________________________