SRI: upgrade examples to sha384? #477

Closed
fmarier opened this issue Sep 18, 2015 · 10 comments
@fmarier fmarier commented Sep 18, 2015

The NSA no longer recommends SHA-256 apparently: https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml

Should we upgrade our examples to use sha384 instead of sha256?

@fmarier fmarier added the SRI label Sep 18, 2015
@fmarier fmarier added this to the SRI-v1-LC milestone Sep 18, 2015

@jonathanKingston jonathanKingston commented Sep 18, 2015

Sounds good to me.
Time to support more algos too?


@fmarier fmarier commented Sep 18, 2015

> Time to support more algos too?

I'd say no because that involves implementation changes too. Let's ship what we have now.


@mozfreddyb mozfreddyb commented Sep 18, 2015

> Should we upgrade our examples to use sha384 instead of sha256?

Yes!


@jonathanKingston jonathanKingston commented Sep 18, 2015

Sorry completely forgot level 1 hasn't shipped yet. (I meant more algos for
level 2 just to clarify)

On Fri, Sep 18, 2015 at 9:35 AM Frederik notifications@github.com wrote:

> > Should we upgrade our examples to use sha384 instead of sha256?
>
> Yes!


@fmarier fmarier commented Sep 18, 2015

> Sorry completely forgot level 1 hasn't shipped yet. (I meant more algos for level 2 just to clarify)

Yeah, that would be an easy V2 feature.

@mozfreddyb mozfreddyb self-assigned this Sep 22, 2015

@mozfreddyb mozfreddyb commented Sep 22, 2015

Taking the sha256 → sha384 rewrite


@mozfreddyb mozfreddyb commented Sep 22, 2015

My patch is nearly done, mostly search&replace work, but I have a few questions..

I guess it's too late for SRIv1 to kill SHA256 completely, but we are arguing that SHA256 is a good thing in the document, when the NSA claims it is not anymore (and they probably know better?).

So I suppose we will have to keep this one?

> Conformant user agents MUST support the [SHA-256][sha2], [SHA-384][sha2]
> and [SHA-512][sha2] cryptographic hash functions for use as part of a
> request's [integrity metadata][], and MAY support additional hash functions.

And this one?

> Digests are only as strong as the hash function used to generate them. User
> agents SHOULD refuse to support known-weak hashing functions like MD5 or SHA-1,
> and SHOULD restrict supported hashing functions to those known to be
> collision-resistant. At the time of writing, SHA-256 is a good baseline.
> Moreover, user agents SHOULD re-evaluate their supported hash functions
> on a regular basis, and deprecate support for those functions shown to be
> insecure.

I'd rather not say that SHA256 really is a good baseline? Not sure whether we can still modify this sentence. Most tooling we have and CDNs we talk to unfortunately default to SHA256 by now :-/


@fmarier fmarier commented Sep 22, 2015

> I'd rather not say that SHA256 really is a good baseline? Not sure whether we can still modify this sentence. Most tooling we have and CDNs we talk to unfortunately default to SHA256 by now :-/

I think we can simply say that SHA384 is a good baseline and simply not talk about SHA256.

We should probably keep supporting SHA256 though. It feels premature to deprecate it.


@metromoxie metromoxie commented Sep 25, 2015

Agree with @fmarier. I don't think it's as straightforward as "sha256 is no good," and even if that were the case, we'd have a lot bigger problems (e.g. SSL certs) than SRI. This change lgtm.


@devd devd commented Sep 26, 2015

+1 .. the SRI hashes are likely delivered over SSL that reduces to SHA-2

mozfreddyb added a commit to mozfreddyb/webappsec that referenced this issue Sep 28, 2015
fmarier pushed a commit that referenced this issue Sep 28, 2015
Rewrite instance of SHA256 to SHA384, see issue #477
@fmarier fmarier closed this Sep 28, 2015
@fmarier fmarier mentioned this issue Nov 10, 2016