About updating the Hash Message Authentication Code

[TCalhau 4]

Hello technical team!

I would like to know if there is any prediction of migration to HMAC SHA256 in order to increase the overall security. I would like to see it implemented even as optional for the paranoid on duty.

[Staff 10335]

Hello!

 

We don't see how it would increase security. HMAC is secure, it does not really matter if the lower layer hash is SHA1 or SHA256. SHA1 attempted hash collisions by an attacker are meaningless, because before trying that the attacker should have found the HMAC keys.

 

HMAC SHA256 is not planned at the moment. We are hesitant with ECC for the problem with NIST parameters based curves. These have been created by NSA (by Jerry Solinas) and there are some doubts that must be taken into consideration about "cooked" constants, although unlikely.

 

So the real paranoid person might stay away from elliptic curves based on NIST recommended constants. Please see also:

https://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters

 

Ideally, OpenSSL etc. should not use NIST curves, there's no reason to do that because there are better alternatives.

 

By the way, in a more general vision, it does appear inappropriate to think about even stronger encryption in our service, either for the Data Channel or the Control Channel.

 

Kind regards

[TCalhau 4]

Thanks for your reply!