Project

General

Profile

Feature #17282

Deprecate Digest::SHA1

Added by olivierlacan (Olivier Lacan) about 1 month ago. Updated about 1 month ago.

Status:
Third Party's Issue
Priority:
Normal
Assignee:
-
Target version:
-
[ruby-core:100521]

Description

In light of the widespread deprecation of SHA1 due to collision risk it poses, should Ruby still expose it without a warning within Digest::SHA1?

FIPS PUB 180-1 which is referenced by the Digest::SHA1 documentation was withdraw on August 01, 2002, superseded by FIPS 180-2 (which introduced SHA-256, SHA-384, and SHA-512), and later withdrawn and superseded multiple times until FIPS 180-4 which recommends SHA3.

SHA3 isn't currently supported by the Digest class although there exists Ruby gem implementations:

References:

Quoting from NIST's piece on research regarding SHA1 collisions:

NIST deprecated the use of SHA-1 in 2011 and disallowed its use for digital signatures at the end of 2013, based on both the Wang, et. al, attack and the potential for brute-force attack. To ensure that practitioners have secure and efficient hash algorithms to provide long-term security, NIST organized an international competition to select a new hash algorithm standard, SHA-3, which is specified in FIPS 202.

My recommendation would be to print a deprecation warning when Digest::SHA1 is used to alert Ruby users that they should perhaps upgrade to a safer standard. SHA3 should perhaps be supported by Digest as well.

Updated by jeremyevans0 (Jeremy Evans) about 1 month ago

Note that we don't currently even deprecate MD5, and if we were going to deprecate SHA1 due to security issues, we should deprecate MD5 first since it's even worse. I think we should strongly discourage the use of MD5 and SHA1 in the Digest documentation, but a deprecation warning on usage is going too far. Not all usage of SHA1 is vulnerable (e.g. HMAC-SHA1), and SHA1 is still in wide enough usage (e.g. git) that a deprecation warning on usage is going to be annoying. These days, the majority of usage of SHA1 in Ruby is not when you are choosing the algorithm, but when you are forced to use the algorithm in order to interact with other software and usage is unavoidable. I think we shouldn't deprecate Digest::SHA1 (or Digest::MD5) until we plan on removing it the next Ruby release.

I'm in favor of SHA3 support being added to Digest, but please submit a separate ticket for that.

Updated by shyouhei (Shyouhei Urabe) about 1 month ago

  • Status changed from Open to Third Party's Issue

Digest is now a separate project. https://github.com/ruby/digest

P.S. I want "2nd party's issue" status. ruby/digets is not a 3rd party.

Also available in: Atom PDF