

NIST's policy on hash functions - helwr
http://csrc.nist.gov/groups/ST/hash/policy.html

======
philwelch
Git uses SHA-1 to identify commits. Does this policy indirectly prevent the
government from using Git (or similar systems) for version control?

~~~
tptacek
No. This is an extremely misleading title. The "US Government" could care less
what hash functions you use.

It's also not an interesting article. SHA1 has been suspect as a security
primitive for years.

~~~
karanbhangui
*couldn't care less

~~~
slmbrhrt
Oh, don't start with this. <http://incompetech.com/gallimaufry/care_less.html>

------
rubyrescue
_SHA-224, SHA-256, SHA-384 and SHA-512_

is any one better than another? for instance, the way AES-256 and -192 are
considered potentially less secure than 128, at least according to something i
read from Schneier a while back.

~~~
tptacek
There are attacks against AES-256 that haven't been extended back to smaller
key sizes.

If you're typing the letters S-H-A-2-5-6 into your code, you're doing
something wrong; you should be using GPG, or Keyczar, or some other high-level
interface that has chosen the algorithms for you and deployed them safely.

That said, the standard practice today in new software that will be audited is
SHA256.

All this web page says is "don't use SHA1".

~~~
cperciva
_If you're typing the letters S-H-A-2-5-6 into your code, you're doing
something wrong..._

Oh come on. This comment wasn't entirely unreasonable when it was about AES,
but saying that nobody should use SHA256 directly is just plain silly. How do
you verify that the FreeBSD ISO image you downloaded is intact if not by
typing

    # sha256 FreeBSD-7.3-RELEASE-amd64-disc1.iso
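The verification cperciva is pointing at, carried one step further as an added example (not code from the thread or from FreeBSD): compute the file's SHA-256 and compare it to a digest published alongside the download, instead of eyeballing two 64-character strings. It assumes a POSIX sh with either `sha256sum` (GNU) or `shasum` (BSD/macOS) on PATH; the file name, temp file and digest in the demo are constructed for illustration, not a real release image.

```shell
#!/bin/sh
# Added example, not from the original thread. Verifies a downloaded file
# against a published SHA-256 digest. Assumes `sha256sum` or `shasum -a 256`
# is available; the demo input below is constructed, not a real ISO.

# sha256_of FILE -> prints the lowercase hex SHA-256 of FILE.
# Uses whichever tool the platform ships; returns 2 if neither is present.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        echo "sha256_of: no SHA-256 tool found on PATH" >&2
        return 2
    fi
}

# verify_sha256 FILE EXPECTED_HEX -> 0 on match, 1 on mismatch, 2 on error.
# The expected digest is lower-cased first so a value pasted from an
# uppercase CHECKSUM.SHA256 file still compares correctly.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK   $file"
        return 0
    fi
    echo "FAIL $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# demo: constructed input. SHA-256 of the three bytes "abc" is the FIPS 180-2
# test vector, so the function can be checked without any download.
demo() {
    tmp=$(mktemp)
    printf 'abc' > "$tmp"
    verify_sha256 "$tmp" \
        ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
    rc=$?
    rm -f "$tmp"
    return $rc
}

demo
```

In practice `verify_sha256 FreeBSD-7.3-RELEASE-amd64-disc1.iso "$(awk '/disc1.iso/ {print $NF}' CHECKSUM.SHA256)"` is the shape of the call; note that a matching digest only proves the file is the one the publisher hashed, and says nothing about who the publisher is unless the checksum file itself is signed, which is the point tptacek's "use GPG" remark is making.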

