1 / 7

SHA-1 and DNS in 2005

SHA-1 and DNS in 2005. [ lafur Gu x mundsson DNSEXT co-chair. IETF-62 March 2005 ogud@ogud.com. SHA-1 collision attack. Takes less time to find two sets of data that have same SHA-1 signature It was assumed to take around 2^80 attempts Attack reduces to 2^69. Still a real long time.

ashby
Download Presentation

SHA-1 and DNS in 2005

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SHA-1 and DNS in 2005 [lafur Guxmundsson DNSEXT co-chair IETF-62 March 2005 ogud@ogud.com

  2. SHA-1 collision attack • Takes less time to find two sets of data that have same SHA-1 signature • It was assumed to take around 2^80 attempts • Attack reduces to 2^69. • Still a real long time. • Not known if the attack works on >structured= data such as DNS RR=s and DNS messages. • Attacks only get better • Hardware gets better • Trivial to distribute effort • HMAC is resistant to this attack

  3. Where is SHA-1 used in DNS • RRSIG • TSIG (proposed) • DS

  4. RRSIG • Resiliane: • Digest covers structed data • DNS SIG header • DNS RR header • DNS RR=s • Digest covers some Arandom data@ • Time signed and expiry • Data is known/valid for a limited time. • RRSIG risk is low

  5. TSIG/SHA1 • Resiliance: • Covers Arandom@ data • Time signed and fudge • HMAC of query. • Valid for a real short time (300 s) • Uses HMAC • Threat level: extremly low

  6. DS • Long lived simple SHA-1 digest • Mitigating factors • Covers name • Digest must cover useable new key. • Key generation is harder than calculating new digest on random data • Risk: Low to medium

  7. Going forward • DS: • Plan effort to add a second digest • Not sure which one to pick • wait for security area guidance • Transition/Rollover issues • Not needed in near term • RRSIG • Think about adding new digests to RSA and ECC • Not needed anytime soon. • TSIG • Proposal mandating implementation of SHA-256 • Not realy needed but harmless

More Related