Re: [webauthn] Random prefixes to reduce hash requirement of RSA+SHA-1 to TCR

The challenge parameter doesn't really count for a couple of reasons:

1. It's controlled by the “attacker” (i.e. the RP) rather than the signer. So, if there is a path to exploiting SHA-1 here, then the challenge parameter helps the attacker rather than hinders it.
2. I understand that the objection to adding a code-point for RSA+SHA-1 is that the IETF (reasonably) doesn't want to support the deployment of broken cryptography. Therefore pulling in protocol-specific details doesn't help because the IETF is worried about exposing the primitive in general.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/822#issuecomment-368952246 using your GitHub account

Received on Tuesday, 27 February 2018 17:08:48 UTC