From: hi@...
Date: 2020-10-24T05:06:28+00:00
Subject: [ruby-core:100521] [Ruby master Feature#17282] Deprecate Digest::SHA1

Issue #17282 has been reported by olivierlacan (Olivier Lacan).

----------------------------------------
Feature #17282: Deprecate Digest::SHA1
https://bugs.ruby-lang.org/issues/17282

* Author: olivierlacan (Olivier Lacan)
* Status: Open
* Priority: Normal
----------------------------------------

In light of the widespread deprecation of SHA1 due to the collision risk it poses, should Ruby still expose it without a warning within Digest::SHA1?

[FIPS PUB 180-1](https://csrc.nist.gov/publications/detail/fips/180/1/archive/1995-04-17), which is referenced by the [Digest::SHA1 documentation](https://docs.ruby-lang.org/en/master/Digest/SHA1.html), was withdrawn on August 01, 2002, superseded by [FIPS 180-2](https://csrc.nist.gov/publications/detail/fips/180/2/archive/2002-08-01) (which introduced SHA-256, SHA-384, and SHA-512), and later withdrawn and superseded multiple times until [FIPS 180-4](https://csrc.nist.gov/publications/detail/fips/180/4/final), which recommends SHA3.

SHA3 isn't currently supported by the Digest class, although Ruby gem implementations exist:

- https://github.com/johanns/sha3
- https://github.com/phusion/digest-sha3-ruby

References:

- https://mailarchive.ietf.org/arch/msg/openpgp/Rp-inhYKT8A9H5E34iLTrc9I0gc/
- https://csrc.nist.gov/news/2017/research-results-on-sha-1-collisions
- https://csrc.nist.gov/publications/detail/sp/800-131a/rev-1/archive/2015-11-06
- https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final

Quoting from NIST's piece on research regarding SHA1 collisions:

> NIST deprecated the use of SHA-1 in 2011 and disallowed its use for digital signatures at the end of 2013, based on both the Wang, et. al, attack and the potential for brute-force attack.
>
> To ensure that practitioners have secure and efficient hash algorithms to provide long-term security, NIST organized an international competition to select a new hash algorithm standard, SHA-3, which is specified in FIPS 202.

My recommendation would be to print a deprecation warning when Digest::SHA1 is used to alert Ruby users that they should perhaps upgrade to a safer standard. SHA3 should perhaps be supported by Digest as well.

--
https://bugs.ruby-lang.org/
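The deprecation warning the ticket asks for, as an added example that is neither Ruby's own code nor part of the proposal: a hypothetical `Sha1Deprecation` shim that prepends hooks onto `Digest::SHA1`'s singleton class so that each class-level use emits a warning through `Kernel#warn`, while the digest output itself is unchanged so existing callers keep working. The `sha1_warnings_in` and `hexdigest_with` helpers are assumptions added for illustration; only `Digest::SHA1`, `Digest::SHA256` and `Kernel#warn` come from Ruby.

```ruby
require 'digest'
require 'digest/sha1'
require 'digest/sha2'

# Hypothetical shim (added example, not Ruby's code): every class-level use of
# Digest::SHA1 emits a deprecation warning; the hash result is left untouched.
module Sha1Deprecation
  MESSAGE = 'Digest::SHA1 is deprecated (collision attacks are practical); ' \
            'migrate to Digest::SHA256 or stronger'.freeze

  @count = 0

  class << self
    # Number of warnings emitted so far, so callers (and tests) can observe the hook.
    attr_accessor :count

    def emit
      self.count += 1
      # Ruby >= 3.0 accepts category: :deprecated, so the warning obeys
      # -W:deprecated / Warning[:deprecated] exactly like core deprecations.
      Kernel.warn(MESSAGE, uplevel: 2, category: :deprecated)
    rescue ArgumentError
      Kernel.warn(MESSAGE, uplevel: 2) # older Rubies: plain warning
    end
  end

  # Hooked class-level entry points. Digest::SHA1.hexdigest and .base64digest
  # are built on .digest, and .file on .new, so hooking these two covers the
  # class-level API without warning twice for a single call.
  module Hooks
    def new(*args, &blk)
      Sha1Deprecation.emit
      super
    end

    def digest(*args, &blk)
      Sha1Deprecation.emit
      super
    end
  end
end

Digest::SHA1.singleton_class.prepend(Sha1Deprecation::Hooks)

# Runs a block and returns how many SHA-1 deprecation warnings it triggered.
def sha1_warnings_in
  before = Sha1Deprecation.count
  yield
  Sha1Deprecation.count - before
end

# Hex digest of `data` under the named algorithm: a single dispatch point from
# which a code base can switch algorithms, while the shim flags leftover SHA-1 use.
def hexdigest_with(algorithm, data)
  case algorithm
  when :sha1   then Digest::SHA1.hexdigest(data)
  when :sha256 then Digest::SHA256.hexdigest(data)
  else raise ArgumentError, "unsupported algorithm #{algorithm.inspect}"
  end
end

if $PROGRAM_NAME == __FILE__
  n = sha1_warnings_in { puts hexdigest_with(:sha1, 'abc') }
  puts "SHA-1 warnings emitted: #{n}"
  n = sha1_warnings_in { puts hexdigest_with(:sha256, 'abc') }
  puts "SHA-256 warnings emitted: #{n}"
end
```

Run with `ruby -W:deprecated` on Ruby 3.x to see the message on stderr; without that flag the `category: :deprecated` warning is silenced by default, which is how a core deprecation of `Digest::SHA1` could be introduced without flooding existing logs.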