Ask Slashdot: Is SHA-512 the Way To Go? 223
crutchy writes "When I was setting up my secure website I got really paranoid about SSL encryption, so I created a certificate using OpenSSL for SHA-512 encryption. I don't know much about SHA (except bits that I can remember from Wikipedia), but I figure that if you're going to go to the trouble (or expense) of setting up SSL, you may as well go for the best you can get, right? Also, what would be the minimum level of encryption required for, say, online banking? I've read about how SHA-1 was 'broken', but from what I can tell it still takes many hours. What is the practical risk to the real internet from this capability? Would a sort of rolling key be a possible next step, where each SSL-encrypted stream has its own private/public key pair generated on the fly, and things like passwords and bank account numbers were broken up and sent in multiple streams with different private/public key pairs? This would of course require more server grunt to generate these keys (or we could take a leaf from Google's book and just have separate server clusters designed solely for that job), but then if computing performance was a limiting factor, the threat to security of these hashes wouldn't be a problem in the first place."
(Continued below.)
"I guess with all security infrastructure, trust becomes a more important factor than technical abilities. Can I trust that my SSL provider hasn't been hacked (or at least snooped)? How do I know some disgruntled IT admin hasn't sold the private key of his company's root CA to the same organization that developed the conficker virus? It would certainly make for a more profitable payload. I've read some of Bruce Schneier's work (I'm subscribed to Cryptogram) and he tends to highlight the FUD that surrounds internet security, and I agree that there is a lot of FUD, but complete ignorance and blase attitude toward security can also be taken advantage of. Where is the middle ground?"
Ask Sony (Score:2, Funny)
Ask Sony what they used, then find something 10x stronger.
Yeah, OpenSLL is all fine and good for security (Score:2, Funny)
You're right to be concerned. (Score:5, Funny)
SHA, which stands for Simply Hard Enough, has always been considered the successor to MD5.
As the numbers suggest, SHA1 5). SHA512 is formidable indeed, and no respectable website will go with anything less than SHA500.
However, there is always a balance between security and convenience, and it's important that you discover this for yourself and your users. If, for example, you find yourself with more than 500 users, you may want to bump up to SHA1024 to make sure you have enough room. Better yet, look into elliptic-curve algorithms that can be stretched to fit.
Also consider using Python instead of PHP.
Re:Ask Sony (Score:3, Funny)
Whatever you do, avoid ROT-13 ten times :)
Re:Remember Ken Thompson C Compiler Backdoor (Score:2, Funny)
Ha, you want security and trust? Remember Ken Thompson's C Compiler Backdoor
Make sure you built your PC out of sillicon yourself! Otherwise, you have to rely on someone else's code:
ACM Classics: Reflections on trusting trust
http://cm.bell-labs.com/who/ken/trust.html
Well, building your computer from silicon yourself isn't enough. After all, how do you know the machines you used to fabricate your chips are not compromised? Maybe they don't produce exactly those chips which you designed? There's no way other than to build those machines yourself as well.
Oh, and don't make the mistake to use VHDL or similar to design your chips. Your VHDL compiler may be compromised, too. Only if you understand your chip down to the wire, you can be completely sure.
Well, provided that you can prove that you are not in the Matrix, that is. :-)
Re:Here we go (Score:4, Funny)
Pfft, noobs! The best book is Impractical Cryptography by #5fgj@!53!@. You can't even read it without breaking the cypher (key sold separately).