Aaron Parecki

In reply to @goto (https://twitter.com/samuelgoto), Oct 8:

    LMK if you run into a good formulation.

    FWIW email may be a good analogy and source of inspiration. In browser land, SHA256(user + RP)@idp.example does the trick.
    Aaron Parecki
    Relying on sha256 as the end of the story seems like a thing that also won't age well. It's only a matter of time until we see sha256 the way we see md5 today.
    Portland, Oregon • 47°F
    Thu, Oct 7, 2021 9:44pm -07:00
    5 replies
    • @goto twitter.com/samuelgoto
      Right, the time frames / shelf life seem to matter. FWIW, random numbers (as directed identifiers) should work equally well here.
      Fri, Oct 8, 2021 5:14am +00:00 (via brid.gy)
    • Aaron Parecki twitter.com/aaronpk
      Maybe, but at the end of the day I would assume any crypto will eventually be broken, so it's a game of picking good enough algorithms to avoid correlation in a timeframe that would be a problem.
      Fri, Oct 8, 2021 5:10am +00:00 (via brid.gy)
    • @goto twitter.com/samuelgoto
      Ah, that's indeed a reasonable distinction. Still seems solvable? Like Signal, which uses a master identifier and then ephemeral (yet stable) ones?
      Fri, Oct 8, 2021 4:54am +00:00 (via brid.gy)
    • Aaron Parecki twitter.com/aaronpk
      But there's a big difference in relying on a specific hash function for something that won't matter a day from now (validating an ID token) vs. something that can be correlated years later (hashed identifiers in logs).
      Fri, Oct 8, 2021 4:47am +00:00 (via brid.gy)
    • @goto twitter.com/samuelgoto
      Sure. I'm sure one could find a hashing function that would age well (I'm making an assumption :) but a lot of stuff breaks if one doesn't :)).
      Fri, Oct 8, 2021 4:45am +00:00 (via brid.gy)
Posted in /replies using indigenous.abode.pub/ios
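Added example, not part of the thread above: the three directed-identifier constructions the replies touch on side by side. The keyless SHA256(user + RP)@idp.example sketch, a keyed variant under an IdP-held secret (an assumed design, not proposed in the thread), and random per-(user, RP) values from a lookup table. The check at the end shows which of them an observer holding only (user, RP) can recompute from a logged identifier, which is the correlation concern raised in the replies. All names and sample values are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (not from the thread): one IdP, one user, two relying parties.
IDP_DOMAIN = "idp.example"
USER = "alice@idp.example"
RP_A = "https://rp-a.example"
RP_B = "https://rp-b.example"

def hashed_directed_id(user: str, rp: str) -> str:
    """The thread's sketch, SHA256(user + RP)@idp.example: per-RP, but keyless.
    Anyone who knows (user, rp) can recompute it, now or years later."""
    digest = hashlib.sha256(f"{user}|{rp}".encode()).hexdigest()
    return f"{digest}@{IDP_DOMAIN}"

def keyed_directed_id(user: str, rp: str, idp_secret: bytes) -> str:
    """Same shape, but an HMAC under an IdP-held secret (assumed design, not the
    thread's): without the secret, knowing (user, rp) does not reproduce the value."""
    mac = hmac.new(idp_secret, f"{user}|{rp}".encode(), hashlib.sha256).hexdigest()
    return f"{mac}@{IDP_DOMAIN}"

class RandomDirectedIds:
    """The 'random numbers as directed identifiers' option from the replies: the IdP
    keeps a lookup table of fresh random values, so there is no function to invert."""

    def __init__(self) -> None:
        self._table = {}

    def get(self, user: str, rp: str) -> str:
        key = (user, rp)
        if key not in self._table:
            self._table[key] = f"{secrets.token_hex(16)}@{IDP_DOMAIN}"
        return self._table[key]

def recomputable_by_observer(scheme_id: str, user: str, rp: str) -> bool:
    """Correlation check: could a party holding only (user, rp) and a logged
    identifier confirm they match? True only for the keyless SHA256 construction."""
    return hashed_directed_id(user, rp) == scheme_id

if __name__ == "__main__":
    secret = secrets.token_bytes(32)
    table = RandomDirectedIds()
    for name, ident in (("sha256", hashed_directed_id(USER, RP_A)),
                        ("hmac", keyed_directed_id(USER, RP_A, secret)),
                        ("random", table.get(USER, RP_A))):
        print(f"{name:7} {ident}  recomputable={recomputable_by_observer(ident, USER, RP_A)}")
```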

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.