From f3273b122dcbb81377813c586a68d6986325659b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20Sch=C3=A4fer?= Date: Mon, 19 Aug 2019 18:08:19 +0200 Subject: [PATCH] XEP-0414: Drop dangling reference --- xep-0414.xml | 1 - 1 file changed, 1 deletion(-) diff --git a/xep-0414.xml b/xep-0414.xml index dd0c7085..35e8f5dd 100644 --- a/xep-0414.xml +++ b/xep-0414.xml @@ -82,7 +82,6 @@

The SHA-1 algorithm was developed by the U.S. National Security Agency and first published in 1995 to fix problems with SHA-0. The SHA-1 algorithm is currently the most widely-deployed hash function. As described in &rfc4270; in 2005, attacks have been found against the collision resistance property of SHA-1. &rfc6194; notes that as of 2011 no published results indicate improvement upon those attacks. In addition, RFC 6194 notes that "[t]here are no known pre-image or second pre-image attacks that are specific to the full round SHA-1 algorithm". Furthermore, there is no indication that attacks on SHA-1 can be extended to HMAC-SHA-1. Nevertheless, the U.S. National Institute of Standards and Technology (NIST) has recommended that SHA-1 not be used for generating digital signatures after December 31, 2010.

In fall 2015 the SHA-1 collision cost has been estimated between 75K$ to 120K$ The SHAppening: freestart collisions for SHA-1 <https://sites.google.com/site/itstheshappening/>..

-

The SHA-1 algorithm is used in a number of XMPP protocols. See Analysis of Existing XMPP Extensions for details.

The SHA-2 family of algorithms (SHA-224, SHA-256, SHA-384, and SHA-512) was developed by the U.S. National Security Agency and first published in 2001. Because SHA-2 is somewhat similar to SHA-1, it is thought that the security flaws with SHA-1 described above could be extended to SHA-2 (although no such attacks have yet been found on the full-round SHA-2 algorithms).