Is there an algorithm that computes the strength of a digest alg?

David Schlosnagle schlosna at gmail.com
Tue Oct 25 02:15:51 UTC 2011


You may also want to refer to the following two NIST documents
currently in draft status:

 * SP 800-107 Revised Recommendation for Applications Using Approved
Hash Algorithms (comments due by the end of October) [1]
    - See Table 1: Strengths of the Security Properties of the
Approved Hash Algorithms
 * FIPS 180-4: Secure Hash Standard (SHS) [2]

[1]: http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-107-Revised
[2]: http://csrc.nist.gov/publications/PubsDrafts.html#FIPS-180--4

- Dave


On Mon, Oct 24, 2011 at 11:34 AM, Bruce Rich <brich at us.ibm.com> wrote:
> For the algorithms that NIST recognizes and approves, the doc linked below
> has some strength comparisons in tables near page 60
>
> http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
>
> Bruce A Rich
> brich at-sign us dot ibm dot com
>
>
>
>
> From:        Bradford Wetmore <bradford.wetmore at oracle.com>
> To:        Weijun Wang <weijun.wang at oracle.com>
> Cc:        "Xuelei.Fan at oracle.com" <Xuelei.Fan at oracle.com>, OpenJDK
> <security-dev at openjdk.java.net>
> Date:        10/23/2011 10:47 PM
> Subject:        Re: Is there an algorithm that computes the strength of a
> digest alg?
> Sent by:        security-dev-bounces at openjdk.java.net
> ________________________________
>
>
> I don't know of anything like that.  As Michael points out, key Lengths
> by themselves are not always a good indicator of relative stength.
>
> BTW, JSSE hard-codes the choices.
>
> Brad
>
>
>
>
> On 10/23/2011 6:52 PM, Weijun Wang wrote:
>> Hi Andrew
>>
>> I need a method
>>
>> boolean isWeakerThan(String a1, String a2)
>>
>> so that isWeakerThan("MD5", "SHA1") returns true and
>> isWeakerThan("SHA-256", "SHA1") returns false. I know you have done a
>> lot of constraints works in JDK 7. Do you have an existing one?
>> Otherwise, I plan to manually assign a value to each known algorithm and
>> compare it.
>>
>> Thanks
>> Max
>
>
>



More information about the security-dev mailing list