[e-lang] Hash Agility, was Re: E Distributed Programming Clarification

Bill Frantz frantz at pwpconsult.com
Tue Sep 16 19:23:03 CDT 2008


kpreid at mac.com (Kevin Reid) on Tuesday, September 16, 2008 wrote:

>> Why SHA-1 though?... I seem to remember a Schneier article saying
>> SHA-1 was broken by some Chinese researchers.
>
>AFAIK, because it looked a lot better when it was chosen; we should  
>change this.
>
>(Before I forget to mention this again: MarkM: We need to do something  
>about #cryptoHash/0 methods. From where I sit, it seems like a bad  
>idea to promote one particular hash algorithm: in general, if we don't  
>upgrade it, people will continue to use a hash with known weaknesses;  
>if we do upgrade it, there will be incompatibility. I think the  
>#cryptoHash should be pulled out into a hash-algorithm object, perhaps  
>with a way to import the "current recommendation" (and previous  
>algorithms also available, of course).)

I agree with Kevin about hash agility. Doing a decent design isn't
exactly easy, however. One start might be to include a hash
algorithm ID in the sturdy ref. I haven't given the issue enough
thought to decide whether this ID needs to be protected against
alteration, to close off an attack path. However, this ID would
allow us to move forward into more secure hashes as they are
developed.

It occurs to me that a sturdy ref holder could re-write the sturdy
ref using a different hash (and hash ID), without changing the
object it designates, and without consulting the hosting vat.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz        | Airline peanut bag: "Produced  | Periwinkle
(408)356-8506      | in a facility that processes   | 16345 Englewood Ave
www.pwpconsult.com | peanuts and other nuts." - Duh | Los Gatos, CA 95032
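
A sketch of the algorithm-ID idea discussed above, as an added example that is not part of the original message and not E's own code. It assumes the hashed value is a public key the holder already has; the `alg:hexdigest` ID format, the algorithm names and the function names are hypothetical.

```python
import hashlib
import hmac

# Hypothetical algorithm IDs; E's real sturdy ref format is not modelled here.
HASHES = {"sha1": hashlib.sha1, "sha256": hashlib.sha256, "sha512": hashlib.sha512}
# Local verifier policy. Assumption: the ID travels in the ref unprotected, so
# the policy (not the ref) decides which algorithms are still strong enough.
ACCEPTED = frozenset({"sha256", "sha512"})


def make_vat_id(alg: str, public_key: bytes) -> str:
    """Return '<alg>:<hex digest of the key>' as a tagged ID."""
    return f"{alg}:{HASHES[alg](public_key).hexdigest()}"


def verify_vat_id(vat_id: str, public_key: bytes, accepted=ACCEPTED) -> bool:
    """Check a presented key against a tagged ID under the local policy."""
    alg, sep, digest = vat_id.partition(":")
    if not sep or alg not in HASHES or alg not in accepted:
        return False  # malformed, unknown, or no-longer-accepted algorithm ID
    expected = HASHES[alg](public_key).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.lower().encode())


def rewrite_vat_id(vat_id: str, public_key: bytes, new_alg: str) -> str:
    """Holder-side upgrade: re-hash the same key under a different algorithm.

    The old ID is checked first (any known hash, legacy ones included) so a
    wrong key is never given a fresh, stronger-looking ID. No host is consulted.
    """
    if not verify_vat_id(vat_id, public_key, accepted=frozenset(HASHES)):
        raise ValueError("key does not match the existing ID")
    return make_vat_id(new_alg, public_key)


# Constructed sample data, not a real key.
SAMPLE_KEY = b"constructed-example-public-key-bytes"
LEGACY_ID = make_vat_id("sha1", SAMPLE_KEY)

if __name__ == "__main__":
    print("legacy ID accepted by policy:", verify_vat_id(LEGACY_ID, SAMPLE_KEY))
    upgraded = rewrite_vat_id(LEGACY_ID, SAMPLE_KEY, "sha256")
    print("upgraded ID:", upgraded, "->", verify_vat_id(upgraded, SAMPLE_KEY))
```
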

