Cryptographic hash function security

A few places in the web server use cryptographic hash functions, specifically MD5 and SHA1:

- [`md5-stuffer`](https://docs.racket-lang.org/web-server/stateless.html#%28def._%28%28lib._web-server%2Fstuffers%2Fhash..rkt%29._md5-stuffer%29%29)
- `HMAC-SHA1` and `HMAC-SHA1-stuffer` from [`web-server/stuffers/hmac-sha1`](https://docs.racket-lang.org/web-server/stateless.html#%28mod-path._web-server%2Fstuffers%2Fhmac-sha1%29)
- All of the functions from [`web-server/http/id-cookie`](https://docs.racket-lang.org/web-server/http.html#%28mod-path._web-server%2Fhttp%2Fid-cookie%29) are built on HMAC-SHA1.

Neither MD5 nor SHA1 are recommended anymore for general use as cryptographic hash functions. IIUC, the vulnerabilities in both cases are (so far) only with collisions, not preimages, which I think means some or all of these uses are still ok—but "I think" is not something I like to rely on when it comes to crypto.

I propose that:

1. We should document the security considerations applicable to each use of cryptographic hash functions.
2. If MD5 or SHA1 are insecure in any of these applications, we should replace them with better hash functions. Conveniently, `racket/base` [now provides](https://docs.racket-lang.org/reference/sha.html) `sha256-bytes` and `sha254-bytes`.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Cryptographic hash function security #68

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Cryptographic hash function security #68

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions