Is there an algorithm that computes the strength of a digest alg?
David Schlosnagle
schlosna at gmail.com
Tue Oct 25 02:15:51 UTC 2011
You may also want to refer to the following two NIST documents
currently in draft status:
* SP 800-107 Revised Recommendation for Applications Using Approved
Hash Algorithms (comments due by the end of October) [1]
- See Table 1: Strengths of the Security Properties of the
Approved Hash Algorithms
* FIPS 180-4: Secure Hash Standard (SHS) [2]
[1]: http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-107-Revised
[2]: http://csrc.nist.gov/publications/PubsDrafts.html#FIPS-180--4
- Dave
On Mon, Oct 24, 2011 at 11:34 AM, Bruce Rich <brich at us.ibm.com> wrote:
> For the algorithms that NIST recognizes and approves, the doc linked below
> has some strength comparisons in tables near page 60
>
> http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
>
> Bruce A Rich
> brich at-sign us dot ibm dot com
>
>
>
>
> From: Bradford Wetmore <bradford.wetmore at oracle.com>
> To: Weijun Wang <weijun.wang at oracle.com>
> Cc: "Xuelei.Fan at oracle.com" <Xuelei.Fan at oracle.com>, OpenJDK
> <security-dev at openjdk.java.net>
> Date: 10/23/2011 10:47 PM
> Subject: Re: Is there an algorithm that computes the strength of a
> digest alg?
> Sent by: security-dev-bounces at openjdk.java.net
> ________________________________
>
>
> I don't know of anything like that. As Michael points out, key Lengths
> by themselves are not always a good indicator of relative stength.
>
> BTW, JSSE hard-codes the choices.
>
> Brad
>
>
>
>
> On 10/23/2011 6:52 PM, Weijun Wang wrote:
>> Hi Andrew
>>
>> I need a method
>>
>> boolean isWeakerThan(String a1, String a2)
>>
>> so that isWeakerThan("MD5", "SHA1") returns true and
>> isWeakerThan("SHA-256", "SHA1") returns false. I know you have done a
>> lot of constraints works in JDK 7. Do you have an existing one?
>> Otherwise, I plan to manually assign a value to each known algorithm and
>> compare it.
>>
>> Thanks
>> Max
>
>
>
More information about the security-dev
mailing list