Skip to content
This repository has been archived by the owner on Mar 1, 2018. It is now read-only.

SHA-2 hashes for sign/verify operations #32

Closed
Kagami opened this issue Jan 17, 2015 · 9 comments
Closed

SHA-2 hashes for sign/verify operations #32

Kagami opened this issue Jan 17, 2015 · 9 comments

Comments

@Kagami
Copy link

Kagami commented Jan 17, 2015

Hi.
pyelliptic currently uses SHA-1 to hash messages before signing. I've heard SHA-1 is not considered very secure anymore so what do you think about optional ecdsa-with-sha256 mode (and maybe -sha512)?
@Atheros1
Copy link
Contributor

I think that sha256 would be good although I don't think that sha512 would provide any real additional value and comes at some cost.

yann2192 added a commit that referenced this issue Feb 23, 2015
@yann2192
use SHA256 instead of SHA1 for ECDSA (see #32).
5311255
@yann2192
Copy link
Owner

Hi,

Sorry for the delay. Yes, I agree, replace SHA1 by SHA256 sounds good.

@Kagami @Atheros1 #33 : It's good for you ?

@Kagami
Copy link
Author

Kagami commented Feb 23, 2015

LGTM, but I think @Atheros1 would prefer to make ecdsa-with-sha256 mode optional to have some time for upgrade period (PyBitmessage currently uses ecdsa-with-sha1 and it would be problematic to upgrade all network to new version simultaneously).

yann2192 added a commit that referenced this issue Feb 23, 2015
@yann2192
use SHA256 instead of SHA1 for ECDSA (see #32).
9757afe
yann2192 added a commit that referenced this issue Feb 23, 2015
@yann2192
specify digest for ECC.sign and ECC.verify (see #32).
6610a2a
@yann2192
Copy link
Owner

Ok, is #35 better ?

@Kagami
Copy link
Author

Kagami commented Feb 23, 2015

LGTM, thanks!

@Atheros1
Copy link
Contributor

#33 is good. I like that it uses the secure algorithm by default. PyBitmessage contains a copy of pyelliptic so that it isn't broken by these sorts of changes. I could manually make the changes that are present in #35 and take them out after an upgrade period. My upgrade plan would be for PyBitmessage to verify the signature using both SHA1 and SHA256 and wait for everyone to upgrade. After a while, clients could start generating signatures using SHA256 and then the custom code could be taken out so that it matches pyelliptic. This is what I did for issue #17. I'll just have to be sure that alternative Bitmessage implementations are prepared.

While we're on it, you might like to switch to EVP_DigestInit_ex.
Per https://www.openssl.org/docs/crypto/EVP_DigestInit.html :
"The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are obsolete but are retained to maintain compatibility with existing code. New applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context instead of initializing and cleaning it up on each call and allow non default implementations of digests to be specified.
EVP_DigestInit() behaves in the same way as EVP_DigestInit_ex() except the passed context ctx does not have to be initialized, and it always uses the default digest implementation."

In pyelliptic, md_ctx is already being initialized with EVP_MD_CTX_init so it appears to me that EVP_DigestInit could be switched to EVP_DigestInit_ex if you want.

@yann2192
Copy link
Owner

Ok, let's go for #33.

@Atheros1 5d94f88 seems good for you ?

@Atheros1
Copy link
Contributor

Yup, it seems good to me.

@yann2192
Copy link
Owner

Ok, it's in master. I'll push a release on Pypi.

@Kagami Kagami mentioned this issue Jun 1, 2015
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Kagami @yann2192 @Atheros1