Make sure that you can actually cope with switching hash functions
Um. How does one do that?
If you just mean "make sure you can bolt in replacement code, recompile and re-issue the software", then this is surely trivial Best Practice anyway?
If you intend that a system support some kind of migration… surely until everything's upgraded things are only as secure as the best hash that it's mandatory for all components to support, because of downgrade attacks?
Or has that problem become better understood since I last glanced in its general direction?
It doesn't have to be mandatory in a "the standard says MUST" way, you just have to be in a position to say "I won't accept connections using weaker things". Back when exported-from-the-US web browsers only supported weak encryption (without patching), there were web sites that wouldn't talk to them. Some people accept ssh v1, some require v2.
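The "I won't accept connections using weaker things" policy from this reply, set against the downgrade concern in the comment before it, as an added example that is not part of the thread. The hash names, their strength ranking, the function names and the peer offers are all constructed for illustration.

```python
# Added example: names, ranking and peer offers are constructed for illustration.
STRENGTH = {"md5": 0, "sha1": 1, "sha256": 2}  # assumed ordering, weakest first


class Refused(Exception):
    """Raised when no acceptable hash can be agreed."""


def negotiate(local_offer, peer_offer, floor=None):
    """Return the strongest hash both sides list, or raise Refused.

    floor is the local "I won't accept anything weaker" policy; None means
    anything mutually supported is accepted (parallel running, no policy).
    """
    common = [h for h in local_offer if h in peer_offer and h in STRENGTH]
    if floor is not None:
        common = [h for h in common if STRENGTH[h] >= STRENGTH[floor]]
    if not common:
        raise Refused("no mutually supported hash at or above the floor")
    return max(common, key=STRENGTH.get)


SERVER = ["sha256", "sha1", "md5"]   # upgraded server that still speaks old hashes
PEERS = {
    "upgraded": ["sha256", "sha1"],  # offer as sent by an upgraded client
    "upgraded_tampered": ["sha1"],   # same offer with sha256 removed in transit
    "legacy": ["sha1", "md5"],       # client that has not been upgraded yet
}


def outcomes(floor=None):
    """Negotiate with every constructed peer and report the result per peer."""
    result = {}
    for name, offer in PEERS.items():
        try:
            result[name] = negotiate(SERVER, offer, floor)
        except Refused:
            result[name] = "refused"
    return result


if __name__ == "__main__":
    print("no floor:    ", outcomes())
    print("floor sha256:", outcomes("sha256"))
```

Without a floor the tampered offer silently lands on the weaker hash; with the floor it fails closed, and so does the peer that has not upgraded yet.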
OK… but mdw is suggesting some planning is necessary now; what you're suggesting requires nothing be done this instant. One can't implement a way of refusing weak connections until the stronger alternative is available.
And, if I understand the vibe correctly, the thing we ought to have migrated towards by 2015 hasn't been invented yet. )-8
Migration is probably essential for any Interesting systems. If you don't do something to allow parallel running, users won't switch, ever.
Steve Bellovin gave an interesting talk on the subject of upgrading real systems, and in particular how nothing he's looked at yet actually got it right.
Nobody said it'd be easy.
Miss you. Come back, and don't die on the way :)