I was attempting to re-implement the ASP.NET Identity password hash algorithm in PHP. It uses RFC 2898, which uses HMAC SHA1. SHA1 has been broken by Google. Does this mean that RFC 2898 in general and the current ASP.NET Identity password hash format in particular are broken?
1 Answer
That particular usage of SHA-1 uses HMAC, and then iterates that as part of PBKDF2 (which is actually defined for any PRF, not just HMAC-SHA1).
As of this date (2017-05-18) HMAC-SHA1 is unbroken in terms of collisions and other attacks, so PBKDF2-HMAC-SHA1 is still considered safe. The HMAC construction, along with the many iterations in PBKDF2, protects against the Google collision attack on SHA1.
However, new applications should move to at least SHA2-256 or SHA3-256 as a hashing primitive and not implement anything using SHA1 at all unless strictly necessary for compatibility with other systems.
In your case, you need compatibility with older systems, so go ahead, but build in code and make a transition plan to use a newer hash function in the near future. Adding a simple version field alongside the password hash will suffice in most cases.
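An added example (not part of the question or answer, and in Python rather than the asker's PHP, which has the equivalent hash_pbkdf2) of the version-field transition the answer recommends: the legacy layout is my reading of ASP.NET Identity's v2 PasswordHasher format, while the 0x01 layout and its iteration count are constructed here and are not ASP.NET Core's own v3 format.

```python
import base64
import hashlib
import hmac
import os

# ASP.NET Identity v2 layout, as I understand it from the public PasswordHasher
# source (not stated on the page): 0x00 | 16-byte salt | 32-byte subkey,
# PBKDF2-HMAC-SHA1 with 1000 iterations, password encoded as UTF-8.
V2_ITERATIONS = 1000
# Transition layout constructed for this example (not ASP.NET Core's real v3):
# 0x01 | 16-byte salt | 32-byte subkey, PBKDF2-HMAC-SHA256 with 100000 iterations.
V3_ITERATIONS = 100_000


def hash_v2(password: str, salt: bytes = b"") -> str:
    """Produce a legacy (HMAC-SHA1) hash; the salt is random unless supplied."""
    salt = salt or os.urandom(16)
    subkey = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, V2_ITERATIONS, 32)
    return base64.b64encode(b"\x00" + salt + subkey).decode("ascii")


def hash_v3(password: str, salt: bytes = b"") -> str:
    """Produce a hash in the constructed HMAC-SHA256 transition layout."""
    salt = salt or os.urandom(16)
    subkey = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, V3_ITERATIONS, 32)
    return base64.b64encode(b"\x01" + salt + subkey).decode("ascii")


def verify(password: str, stored: str):
    """Return (ok, rehash): ok says whether the password matches; rehash is a new
    v3 value to write back when a legacy v2 hash verified, otherwise None."""
    raw = base64.b64decode(stored)
    if len(raw) != 49:  # 1 version byte + 16-byte salt + 32-byte subkey in both layouts
        return False, None
    version, salt, subkey = raw[0], raw[1:17], raw[17:]
    if version == 0x00:
        expected = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, V2_ITERATIONS, 32)
        if hmac.compare_digest(expected, subkey):  # constant-time comparison
            return True, hash_v3(password)         # upgrade on successful login
        return False, None
    if version == 0x01:
        expected = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, V3_ITERATIONS, 32)
        return hmac.compare_digest(expected, subkey), None
    return False, None  # unknown version byte: reject rather than guess
```

Store the returned rehash value in place of the old one whenever it is not None, and the SHA1-based hashes disappear as users log in.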