* bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
From: Stefan Kangas @ 2019-09-16 8:53 UTC
To: 37420

SHA-1 has now seen collision attacks:
https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/

We should clarify that these attacks are not only theoretical, and
actively discourage using it in security-related applications in the
Elisp Manual. The attached patch is an attempt at doing that.

Any comments?

Best regards,
Stefan Kangas

[-- Attachment #2: 0001-Recommend-against-SHA-1-for-security-related-applica.patch --]

From 53a42470604e3db6e2f0552eb3481fa64a853458 Mon Sep 17 00:00:00 2001
From: Stefan Kangas <stefankangas@gmail.com>
Date: Mon, 16 Sep 2019 10:45:14 +0200
Subject: [PATCH] Recommend against SHA-1 for security-related applications

* doc/lispref/text.texi (Checksum/Hash): Clarify that SHA-1 is not
collision resistant.
---
 doc/lispref/text.texi | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/doc/lispref/text.texi b/doc/lispref/text.texi
index 7ce54f59c6..949797c3ef 100644
--- a/doc/lispref/text.texi
+++ b/doc/lispref/text.texi
@@ -4710,12 +4710,12 @@ Checksum/Hash SHA-1, SHA-2, SHA-224, SHA-256, SHA-384 and SHA-512. MD5 is the oldest of these algorithms, and is commonly used in @dfn{message digests} to check the integrity of messages transmitted over a -network. MD5 is not collision resistant (i.e., it is possible to -deliberately design different pieces of data which have the same MD5 -hash), so you should not used it for anything security-related. A -similar theoretical weakness also exists in SHA-1. Therefore, for -security-related applications you should use the other hash types, -such as SHA-2. +network. MD5 and SHA-1 are not collision resistant (i.e., it is +possible to deliberately design different pieces of data which have +the same MD5 or SHA-1 hash), so you should not use them for anything +security-related. For security-related applications you should use +the other hash types, such as SHA-2 (@code{sha224}, @code{sha256}, +@code{sha384} or @code{sha512}). @defun secure-hash-algorithms This function returns a list of symbols representing algorithms that -- 2.20.1 ^ permalink raw reply related [flat|nested] 18+ messages in thread
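Review bot: the unchanged first context line still lists "SHA-1, SHA-2, SHA-224, SHA-256, SHA-384 and SHA-512" as though SHA-2 were an algorithm separate from the four that follow it, while the added sentence correctly treats SHA-2 as the family made up of @code{sha224}, @code{sha256}, @code{sha384} and @code{sha512}; since the hunk already rewrites this paragraph, adjusting that context line as well (for example "SHA-2 (SHA-224, SHA-256, SHA-384 and SHA-512)") would keep the two statements consistent. Relatedly, "such as SHA-2" followed by a list that is in fact every remaining algorithm reads as if more existed; "namely" would be more precise.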
* bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
From: Lars Ingebrigtsen @ 2019-09-16 11:21 UTC
To: Stefan Kangas; +Cc: 37420

Stefan Kangas <stefan@marxist.se> writes:

> We should clarify that these attacks are not only theoretical, and
> actively discourage using it in security-related applications in the
> Elisp Manual. The attached patch is an attempt at doing that.

Looks good to me.

--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
* bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
From: Stefan Kangas @ 2019-09-16 20:29 UTC
To: Lars Ingebrigtsen; +Cc: 37420

Lars Ingebrigtsen <larsi@gnus.org> writes:

> > We should clarify that these attacks are not only theoretical, and
> > actively discourage using it in security-related applications in the
> > Elisp Manual. The attached patch is an attempt at doing that.
>
> Looks good to me.

Thanks. I thought a bit more about this, and would like to suggest the
attached slightly more ambitious patch which also recommends against
them in the doc strings of sha1, md5 and secure-hash.

(I also changed so the doc strings consistently say SHA-1 instead of
SHA1, which seems to be more correct AFAICT.)

Best regards,
Stefan Kangas

[-- Attachment #2: 0001-Recommend-against-SHA-1-and-MD5-for-security.patch --]

From 9a49ffb8ec5ede05bc6d7100066d9eda7efdde46 Mon Sep 17 00:00:00 2001
From: Stefan Kangas <stefankangas@gmail.com>
Date: Mon, 16 Sep 2019 10:45:14 +0200
Subject: [PATCH] Recommend against SHA-1 and MD5 for security

* doc/lispref/text.texi (Checksum/Hash):
* src/fns.c (Fmd5, Fsecure_hash):
* lisp/subr.el (sha1): Doc fix to recommend against SHA-1 and MD5 for
security-related applications, since they are not collision
resistant.  (Bug#37420)
---
 doc/lispref/text.texi | 12 ++++++------
 lisp/subr.el          |  8 ++++++--
 src/fns.c             | 11 +++++++++--
 3 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/doc/lispref/text.texi b/doc/lispref/text.texi
index 7ce54f59c6..54b89cff5a 100644
--- a/doc/lispref/text.texi
+++ b/doc/lispref/text.texi
@@ -4710,12 +4710,12 @@ Checksum/Hash SHA-1, SHA-2, SHA-224, SHA-256, SHA-384 and SHA-512. MD5 is the oldest of these algorithms, and is commonly used in @dfn{message digests} to check the integrity of messages transmitted over a -network. MD5 is not collision resistant (i.e., it is possible to -deliberately design different pieces of data which have the same MD5 -hash), so you should not used it for anything security-related. A -similar theoretical weakness also exists in SHA-1. Therefore, for -security-related applications you should use the other hash types, -such as SHA-2. +network. MD5 and SHA-1 are not collision resistant (i.e., it is +possible to deliberately design different pieces of data which have +the same MD5 or SHA-1 hash), so you should not use them for anything +security-related. For security-related applications you should use +the other hash types, such as SHA-2 (e.g. @code{sha384} or +@code{sha512}). @defun secure-hash-algorithms This function returns a list of symbols representing algorithms that diff --git a/lisp/subr.el b/lisp/subr.el index 0b47da884b..45b99a82d2 100644 --- a/lisp/subr.el +++ b/lisp/subr.el @@ -3120,11 +3120,15 @@ field-at-pos raw-field))) (defun sha1 (object &optional start end binary) - "Return the SHA1 (Secure Hash Algorithm) of an OBJECT. + "Return the SHA-1 (Secure Hash Algorithm) of an OBJECT. OBJECT is either a string or a buffer. Optional arguments START and END are character positions specifying which portion of OBJECT for computing the hash. If BINARY is non-nil, return a string in binary -form." +form. + +Note that SHA-1 is not collision resistant and should not be used +for anything security-related. See `secure-hash' for +alternatives." (secure-hash 'sha1 object start end binary)) (defun function-get (f prop &optional autoload) diff --git a/src/fns.c b/src/fns.c index df921e28f3..20047be63d 100644 --- a/src/fns.c +++ b/src/fns.c 
@@ -5379,7 +5379,10 @@ DEFUN ("md5", Fmd5, Smd5, 1, 5, 0, command `prefer-coding-system') is used. If NOERROR is non-nil, silently assume the `raw-text' coding if the -guesswork fails. Normally, an error is signaled in such case. */) +guesswork fails. Normally, an error is signaled in such case. + +Note that MD5 is not collision resistant and should not be used for +anything security-related. See `secure-hash' for alternatives. */) (Lisp_Object object, Lisp_Object start, Lisp_Object end, Lisp_Object coding_system, Lisp_Object noerror) { return secure_hash (Qmd5, object, start, end, coding_system, noerror, Qnil); @@ -5396,7 +5399,11 @@ DEFUN ("secure-hash", Fsecure_hash, Ssecure_hash, 2, 5, 0, The full list of algorithms can be obtained with `secure-hash-algorithms'. -If BINARY is non-nil, returns a string in binary form. */) +If BINARY is non-nil, returns a string in binary form. + +Note that MD5 and SHA-1 are not collision resistant and should not be +used for anything security-related. Use one of the other hash types +for security-related applications. */) (Lisp_Object algorithm, Lisp_Object object, Lisp_Object start, Lisp_Object end, Lisp_Object binary) { return secure_hash (algorithm, object, start, end, Qnil, Qnil, binary); -- 2.20.1 ^ permalink raw reply related [flat|nested] 18+ messages in thread
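Review bot: the texi hunk in this round trims the example list to "e.g. @code{sha384} or @code{sha512}", where the first posting named all four SHA-2 symbols; the shorter list invites the reading that @code{sha224} and @code{sha256} are discouraged too, which the surrounding sentence does not say. Either restore the full list or add a few words explaining the preference for the longer digests.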
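Review bot: in the secure-hash hunk the new sentence "Use one of the other hash types for security-related applications" does not say which those are, so a reader of this doc string has to scroll back to the ALGORITHM list to work out that sha224, sha256, sha384 and sha512 remain. Naming them here, as the texi hunk of the same patch does with @code{sha384} and @code{sha512}, or pointing at `secure-hash-algorithms' as the context line two lines up already does, would make the advice actionable from the doc string alone.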
* bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
From: Lars Ingebrigtsen @ 2019-09-16 20:34 UTC
To: Stefan Kangas; +Cc: 37420

Stefan Kangas <stefan@marxist.se> writes:

> (I also changed so the doc strings consistently say SHA-1 instead of
> SHA1, which seems to be more correct AFAICT.)

Yup.

[...]

> +Note that SHA-1 is not collision resistant and should not be used
> +for anything security-related. See `secure-hash' for
> +alternatives."

Looks good.

--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
* bug#37420: [PATCH] Recommend against SHA-1 for security-related applications 2019-09-16 20:34 ` Lars Ingebrigtsen @ 2019-09-16 21:50 ` Stefan Kangas 2019-09-16 22:25 ` Lars Ingebrigtsen 2019-09-17 6:05 ` Eli Zaretskii 2019-09-17 5:50 ` Eli Zaretskii 2019-09-20 18:50 ` Stefan Kangas 2 siblings, 2 replies; 18+ messages in thread From: Stefan Kangas @ 2019-09-16 21:50 UTC (permalink / raw) To: Lars Ingebrigtsen; +Cc: 37420 [-- Attachment #1: Type: text/plain, Size: 283 bytes --] Lars Ingebrigtsen <larsi@gnus.org> writes: > Looks good. Thanks. As I was playing around with this a bit more, I also came up with another patch (attached) to be committed on top of the first one. This patch adds tests and makes some minor doc fixes. Best regards, Stefan Kangas [-- Attachment #2: 0001-Add-tests-for-secure-hash-and-improve-doc-string.patch --] [-- Type: text/x-patch, Size: 4090 bytes --] From 64ba95dd564f22910b48f8644db4013f9fe65eb1 Mon Sep 17 00:00:00 2001 From: Stefan Kangas <stefankangas@gmail.com> Date: Mon, 16 Sep 2019 23:39:58 +0200 Subject: [PATCH] Add tests for secure-hash and improve doc string * src/fns.c (Fsecure_hash_algorithms): Fix typo. (Fsecure_hash): Add algorithm list to doc string. * test/src/fns-tests.el (test-secure-hash): New test. --- src/fns.c | 11 ++++++++++- .../emacs-lisp/package-resources/archive-contents | 5 ++++- test/src/fns-tests.el | 15 +++++++++++++++ 3 files changed, 29 insertions(+), 2 deletions(-) diff --git a/src/fns.c b/src/fns.c index df921e28f3..5f53e596a1 100644 --- a/src/fns.c +++ b/src/fns.c @@ -5084,7 +5084,7 @@ make_digest_string (Lisp_Object digest, int digest_size) DEFUN ("secure-hash-algorithms", Fsecure_hash_algorithms, Ssecure_hash_algorithms, 0, 0, 0, - doc: /* Return a list of all the supported `secure_hash' algorithms. */) + doc: /* Return a list of all the supported `secure-hash' algorithms. */) (void) { return list (Qmd5, Qsha1, Qsha224, Qsha256, Qsha384, Qsha512); 
@@ -5390,6 +5390,15 @@ DEFUN ("secure-hash", Fsecure_hash, Ssecure_hash, 2, 5, 0, ALGORITHM is a symbol specifying the hash to use: md5, sha1, sha224, sha256, sha384 or sha512. +These symbols corresponds to the following hashing algorithms: + + md5 - MD5 + sha1 - SHA-1 + sha224 - SHA-2 / SHA-224 + sha256 - SHA-2 / SHA-384 + sha384 - SHA-2 / SHA-384 + sha512 - SHA-2 / SHA-512 + The two optional arguments START and END are positions specifying for which part of OBJECT to compute the hash. If nil or omitted, uses the whole OBJECT. diff --git a/test/lisp/emacs-lisp/package-resources/archive-contents b/test/lisp/emacs-lisp/package-resources/archive-contents index e2f92304f8..fbbcdfa640 100644 --- a/test/lisp/emacs-lisp/package-resources/archive-contents +++ b/test/lisp/emacs-lisp/package-resources/archive-contents @@ -1,9 +1,12 @@ +;; RFC3339 timestamp +;; Last-Updated: 2014-01-16T05:43:35.000Z (1 (simple-single . [(1 3) nil "A single-file package with no dependencies" single ((:url . "http://doodles.au") - (:keywords quote ("frobnicate")))]) + (:keywords quote ("frobnicate")) + (:hash )]) (simple-depend . [(1 0) ((simple-single (1 3))) "A single-file package with a dependency." single]) diff --git a/test/src/fns-tests.el b/test/src/fns-tests.el index 7d56da77cf..5be9a9eb7b 100644 --- a/test/src/fns-tests.el +++ b/test/src/fns-tests.el 
@@ -858,4 +858,19 @@ test-hash-function-that-mutates-hash-table (puthash k k h))) (should (= 100 (hash-table-count h))))) +(ert-deftest test-secure-hash () + (should (equal (secure-hash 'md5 "foobar") "3858f62230ac3c915f300c664312c63f")) + (should (equal (secure-hash 'sha1 "foobar") "8843d7f92416211de9ebb963ff4ce28125932878")) + (should (equal (secure-hash 'sha224 "foobar") (concat "de76c3e567fca9d246f5f8d3b2e704a3" + "8c3c5e258988ab525f941db8"))) + (should (equal (secure-hash 'sha256 "foobar") (concat "c3ab8ff13720e8ad9047dd39466b3c89" + "74e592c2fa383d4a3960714caef0c4f2"))) + (should (equal (secure-hash 'sha384 "foobar") (concat "3c9c30d9f665e74d515c842960d4a451" + "c83a0125fd3de7392d7b37231af10c72" + "ea58aedfcdf89a5765bf902af93ecf06"))) + (should (equal (secure-hash 'sha512 "foobar") (concat "0a50261ebd1a390fed2bf326f2673c14" + "5582a6342d523204973d0219337f8161" + "6a8069b012587cf5635f6925f1b56c36" + "0230c19b273500ee013e030601bf2425")))) + (provide 'fns-tests) -- 2.20.1 ^ permalink raw reply related [flat|nested] 18+ messages in thread
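Review bot: the new table in the secure-hash doc string has a copy error: the sha256 row reads "SHA-2 / SHA-384", duplicating the sha384 row, and should read "SHA-2 / SHA-256". The introductory line also needs "These symbols correspond" (plural subject), and the bare hyphens between symbol and name should either follow the doc-string convention of "--" or be replaced by words such as "corresponds to", so the rows cannot be mistaken for list markup.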
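Review bot: the hunk against test/lisp/emacs-lisp/package-resources/archive-contents is unrelated to the stated purpose (tests for secure-hash plus a doc-string fix) and is not mentioned in the commit message; it also adds an empty "(:hash )" entry that any test reading this fixture would have to tolerate. Drop it from this patch and send it separately if it is wanted.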
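Review bot: test-secure-hash exercises only the default hex output on a whole string; the secure-hash doc string in the same patch series also promises START/END sub-ranges, buffer input and a BINARY form, none of which is covered. One case each would be cheap: hash a sub-range of a longer string and compare it with the digest of the plain "foobar" case already in the test, and check that the BINARY result for sha256 is 32 bytes long (the hex form here is 64 characters), since those are exactly the paths the prose documents and the ones most likely to regress unnoticed.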
* bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
From: Lars Ingebrigtsen @ 2019-09-16 22:25 UTC
To: Stefan Kangas; +Cc: 37420

Stefan Kangas <stefan@marxist.se> writes:

> +These symbols corresponds to the following hashing algorithms:
> +
> + md5 - MD5
> + sha1 - SHA-1
> + sha224 - SHA-2 / SHA-224
> + sha256 - SHA-2 / SHA-384
> + sha384 - SHA-2 / SHA-384
> + sha512 - SHA-2 / SHA-512

I'm not sure these really clarify all that much? But I don't object to
it.

[...]

> --- a/test/lisp/emacs-lisp/package-resources/archive-contents
> +++ b/test/lisp/emacs-lisp/package-resources/archive-contents
> @@ -1,9 +1,12 @@
> +;; RFC3339 timestamp
> +;; Last-Updated: 2014-01-16T05:43:35.000Z
> (1
> (simple-single .
> [(1 3)
> nil "A single-file package with no dependencies" single
> ((:url . "http://doodles.au")
> - (:keywords quote ("frobnicate")))])
> + (:keywords quote ("frobnicate"))
> + (:hash )])

Hm... is this related?

--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
* bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
From: Stefan Kangas @ 2019-09-17 9:17 UTC
To: Lars Ingebrigtsen; +Cc: 37420

Lars Ingebrigtsen <larsi@gnus.org> writes:

> > +These symbols corresponds to the following hashing algorithms:
> > +
> > + md5 - MD5
> > + sha1 - SHA-1
> > + sha224 - SHA-2 / SHA-224
> > + sha256 - SHA-2 / SHA-384
> > + sha384 - SHA-2 / SHA-384
> > + sha512 - SHA-2 / SHA-512
>
> I'm not sure these really clarify all that much? But I don't object to
> it.

They would help people like me who don't use this stuff very often and
can't remember which one is SHA-1, SHA-2, SHA-3, etc.

Of course, one could expect users to fire up a web browser and search
the web for details instead. But as it stands, we don't document
anywhere that sha512 is indeed SHA-2 as far as I can tell.

> > --- a/test/lisp/emacs-lisp/package-resources/archive-contents
[...]
> Hm... is this related?

No, please disregard that. I fixed it but then attached the wrong
patch to the email.

Best regards,
Stefan Kangas
* bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
From: Eli Zaretskii @ 2019-09-17 6:05 UTC
To: Stefan Kangas; +Cc: larsi, 37420

> From: Stefan Kangas <stefan@marxist.se>
> Date: Mon, 16 Sep 2019 23:50:33 +0200
> Cc: 37420@debbugs.gnu.org
>
> +These symbols corresponds to the following hashing algorithms:
> +
> + md5 - MD5
> + sha1 - SHA-1
> + sha224 - SHA-2 / SHA-224
> + sha256 - SHA-2 / SHA-384
> + sha384 - SHA-2 / SHA-384
> + sha512 - SHA-2 / SHA-512

Please always use "--" to imply an em-dash in plain text. In this
case, perhaps an even better way would be to explicitly say
"corresponds to".

Thanks.
* bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
From: Robert Pluim @ 2019-09-17 13:37 UTC
To: Stefan Kangas; +Cc: larsi, 37420

>>>>> On Tue, 17 Sep 2019 09:05:09 +0300, Eli Zaretskii <eliz@gnu.org> said:

>> From: Stefan Kangas <stefan@marxist.se>
>> Date: Mon, 16 Sep 2019 23:50:33 +0200
>> Cc: 37420@debbugs.gnu.org
>>
>> +These symbols corresponds to the following hashing algorithms:
>> +
>> + md5 - MD5
>> + sha1 - SHA-1
>> + sha224 - SHA-2 / SHA-224
>> + sha256 - SHA-2 / SHA-384
>> + sha384 - SHA-2 / SHA-384
>> + sha512 - SHA-2 / SHA-512

Eli> Please always use "--" to imply an em-dash in plain text. In this
Eli> case, perhaps an even better way would be to explicitly say
Eli> "corresponds to".

You have sha256 -> SHA-384

Robert
* bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
From: Stefan Kangas @ 2019-09-28 10:19 UTC
To: Robert Pluim; +Cc: Lars Ingebrigtsen, 37420

Robert Pluim <rpluim@gmail.com> writes:

> >>>>> On Tue, 17 Sep 2019 09:05:09 +0300, Eli Zaretskii <eliz@gnu.org> said:
>
> >> From: Stefan Kangas <stefan@marxist.se>
> >> Date: Mon, 16 Sep 2019 23:50:33 +0200
> >> Cc: 37420@debbugs.gnu.org
> >>
> >> +These symbols corresponds to the following hashing algorithms:
> >> +
> >> + md5 - MD5
> >> + sha1 - SHA-1
> >> + sha224 - SHA-2 / SHA-224
> >> + sha256 - SHA-2 / SHA-384
> >> + sha384 - SHA-2 / SHA-384
> >> + sha512 - SHA-2 / SHA-512
>
> Eli> Please always use "--" to imply an em-dash in plain text. In this
> Eli> case, perhaps an even better way would be to explicitly say
> Eli> "corresponds to".
>
> You have sha256 -> SHA-384

Thanks Eli and Robert. How about the attached patch?

Best regards,
Stefan Kangas

[-- Attachment #2: 0001-Add-tests-for-secure-hash-and-improve-doc-string.patch --]

From 63457d19d76f11797d455408ba840d8c04a9458e Mon Sep 17 00:00:00 2001
From: Stefan Kangas <stefankangas@gmail.com>
Date: Mon, 16 Sep 2019 23:42:56 +0200
Subject: [PATCH] Add tests for secure-hash and improve doc string

* src/fns.c (Fsecure_hash_algorithms): Fix typo.
(Fsecure_hash): Add algorithm list to doc string.
* test/src/fns-tests.el (test-secure-hash): New test.
---
 src/fns.c             |  9 +++++++--
 test/src/fns-tests.el | 15 +++++++++++++++
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/src/fns.c b/src/fns.c
index b800f1c47f..fa52e5e197 100644
--- a/src/fns.c
+++ b/src/fns.c
@@ -5081,7 +5081,7 @@ make_digest_string (Lisp_Object digest, int digest_size) DEFUN ("secure-hash-algorithms", Fsecure_hash_algorithms, Ssecure_hash_algorithms, 0, 0, 0, - doc: /* Return a list of all the supported `secure_hash' algorithms. */) + doc: /* Return a list of all the supported `secure-hash' algorithms. */) (void) { return list (Qmd5, Qsha1, Qsha224, Qsha256, Qsha384, Qsha512); @@ -5388,7 +5388,12 @@ DEFUN ("md5", Fmd5, Smd5, 1, 5, 0, DEFUN ("secure-hash", Fsecure_hash, Ssecure_hash, 2, 5, 0, doc: /* Return the secure hash of OBJECT, a buffer or string. ALGORITHM is a symbol specifying the hash to use: -md5, sha1, sha224, sha256, sha384 or sha512. +- md5 corresponds to MD5 +- sha1 corresponds to SHA-1 +- sha224 corresponds to SHA-2 (SHA-224) +- sha256 corresponds to SHA-2 (SHA-256) +- sha384 corresponds to SHA-2 (SHA-384) +- sha512 corresponds to SHA-2 (SHA-512) The two optional arguments START and END are positions specifying for which part of OBJECT to compute the hash. If nil or omitted, uses the diff --git a/test/src/fns-tests.el b/test/src/fns-tests.el index 7d56da77cf..5be9a9eb7b 100644 --- a/test/src/fns-tests.el +++ b/test/src/fns-tests.el 
@@ -858,4 +858,19 @@ test-hash-function-that-mutates-hash-table (puthash k k h))) (should (= 100 (hash-table-count h))))) +(ert-deftest test-secure-hash () + (should (equal (secure-hash 'md5 "foobar") "3858f62230ac3c915f300c664312c63f")) + (should (equal (secure-hash 'sha1 "foobar") "8843d7f92416211de9ebb963ff4ce28125932878")) + (should (equal (secure-hash 'sha224 "foobar") (concat "de76c3e567fca9d246f5f8d3b2e704a3" + "8c3c5e258988ab525f941db8"))) + (should (equal (secure-hash 'sha256 "foobar") (concat "c3ab8ff13720e8ad9047dd39466b3c89" + "74e592c2fa383d4a3960714caef0c4f2"))) + (should (equal (secure-hash 'sha384 "foobar") (concat "3c9c30d9f665e74d515c842960d4a451" + "c83a0125fd3de7392d7b37231af10c72" + "ea58aedfcdf89a5765bf902af93ecf06"))) + (should (equal (secure-hash 'sha512 "foobar") (concat "0a50261ebd1a390fed2bf326f2673c14" + "5582a6342d523204973d0219337f8161" + "6a8069b012587cf5635f6925f1b56c36" + "0230c19b273500ee013e030601bf2425")))) + (provide 'fns-tests) -- 2.20.1 ^ permalink raw reply related [flat|nested] 18+ messages in thread
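Review bot: the bullet list in the secure-hash hunk now pairs every symbol with the right algorithm, and it is also the natural place for the caveat that the earlier committed patch appended after the BINARY paragraph: marking the first two bullets, e.g. "- md5 corresponds to MD5 (not collision resistant)" and likewise for sha1, puts the warning where the reader chooses the symbol instead of several paragraphs further down.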
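Review bot: the md5 and sha1 assertions in test-secure-hash run past 80 columns, unlike the later cases that split the expected digest with concat; fold them the same way, or drive all six through one (dolist (case '((md5 . "3858f622...") ...)) (should (equal (secure-hash (car case) "foobar") (cdr case)))) loop, which keeps the lines short and makes adding an algorithm a one-line change.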
* bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
From: Lars Ingebrigtsen @ 2019-09-28 19:55 UTC
To: Stefan Kangas; +Cc: Robert Pluim, 37420

Stefan Kangas <stefan@marxist.se> writes:

> Thanks Eli and Robert. How about the attached patch?

Looks good to me, but one tiny thing:

> +(ert-deftest test-secure-hash ()
> + (should (equal (secure-hash 'md5 "foobar") "3858f62230ac3c915f300c664312c63f"))
> + (should (equal (secure-hash 'sha1 "foobar") "8843d7f92416211de9ebb963ff4ce28125932878"))
> + (should (equal (secure-hash 'sha224 "foobar") (concat "de76c3e567fca9d246f5f8d3b2e704a3"
> + "8c3c5e258988ab525f94

Perhaps the lines should be folded to avoid too-long lines?

--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
* bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
From: Stefan Kangas @ 2019-10-04 15:33 UTC
To: Lars Ingebrigtsen; +Cc: 37420-done, Robert Pluim

Lars Ingebrigtsen <larsi@gnus.org> writes:

> > Thanks Eli and Robert. How about the attached patch?
>
> Looks good to me, but one tiny thing:
>
> > +(ert-deftest test-secure-hash ()
> > + (should (equal (secure-hash 'md5 "foobar") "3858f62230ac3c915f300c664312c63f"))
> > + (should (equal (secure-hash 'sha1 "foobar") "8843d7f92416211de9ebb963ff4ce28125932878"))
> > + (should (equal (secure-hash 'sha224 "foobar") (concat "de76c3e567fca9d246f5f8d3b2e704a3"
> > + "8c3c5e258988ab525f94
>
> Perhaps the lines should be folded to avoid too-long lines?

Thanks; fixed and pushed as commit ef8fadf8c1.

Best regards,
Stefan Kangas
* bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
From: Eli Zaretskii @ 2019-09-17 5:50 UTC
To: Lars Ingebrigtsen; +Cc: stefan, 37420

> From: Lars Ingebrigtsen <larsi@gnus.org>
> Date: Mon, 16 Sep 2019 22:34:15 +0200
> Cc: 37420@debbugs.gnu.org
>
> Stefan Kangas <stefan@marxist.se> writes:
>
> > (I also changed so the doc strings consistently say SHA-1 instead of
> > SHA1, which seems to be more correct AFAICT.)
>
> Yup.

Should we perhaps do something to help those who know this under the
name "SHA1"?
* bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
From: Stefan Kangas @ 2019-09-17 9:09 UTC
To: Eli Zaretskii; +Cc: Lars Ingebrigtsen, 37420

Eli Zaretskii <eliz@gnu.org> writes:

> > > (I also changed so the doc strings consistently say SHA-1 instead of
> > > SHA1, which seems to be more correct AFAICT.)
> >
> > Yup.
>
> Should we perhaps do something to help those who know this under the
> name "SHA1"?

Is there any risk that some users believe that these would be two
different algorithms? My guess would be no, but I might be wrong.

Best regards,
Stefan Kangas
* bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
From: Eli Zaretskii @ 2019-09-17 11:53 UTC
To: Stefan Kangas; +Cc: larsi, 37420

> From: Stefan Kangas <stefan@marxist.se>
> Date: Tue, 17 Sep 2019 11:09:25 +0200
> Cc: Lars Ingebrigtsen <larsi@gnus.org>, 37420@debbugs.gnu.org
>
> > Should we perhaps do something to help those who know this under the
> > name "SHA1"?
>
> Is there any risk that some users believe that these would be two
> different algorithms? My guess would be no, but I might be wrong.

I have no idea, but I personally didn't even know SHA1 has another
name, let alone a more "official" one.
* bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
From: Stefan Kangas @ 2019-09-17 12:08 UTC
To: Eli Zaretskii; +Cc: Lars Ingebrigtsen, 37420

Eli Zaretskii <eliz@gnu.org> writes:

> > > Should we perhaps do something to help those who know this under the
> > > name "SHA1"?
> >
> > Is there any risk that some users believe that these would be two
> > different algorithms? My guess would be no, but I might be wrong.
>
> I have no idea, but I personally didn't even know SHA1 has another
> name, let alone a more "official" one.

This is the spelling in RFC 3174: https://tools.ietf.org/html/rfc3174

Perhaps SHA1 is just a common typo?

Best regards,
Stefan Kangas
* bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
From: Stefan Kangas @ 2019-09-17 12:14 UTC
To: Eli Zaretskii; +Cc: Lars Ingebrigtsen, 37420

Stefan Kangas <stefan@marxist.se> writes:

> This is the spelling in RFC 3174: https://tools.ietf.org/html/rfc3174

Taking a closer look, they actually use "SHA1" in the document
headline, but "SHA-1" in the body text. So it's a bit of a mess.

I guess the important thing is that we use one spelling consistently
to avoid confusing users even more.

Best regards,
Stefan Kangas
* bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
From: Stefan Kangas @ 2019-09-20 18:50 UTC
To: Lars Ingebrigtsen; +Cc: 37420

Lars Ingebrigtsen <larsi@gnus.org> writes:

> > +Note that SHA-1 is not collision resistant and should not be used
> > +for anything security-related. See `secure-hash' for
> > +alternatives."
>
> Looks good.

Thanks. Since there were no other comments, I've now committed this
first patch as commit 6d50010b34.

I'll address the second patch in a separate email.

Best regards,
Stefan Kangas