català | česky | dansk | deutsch | english | español | français | lingála | magyar | nederlands | norsk | polski | português | svenska
Hash algorithm interoperability
According to recent results from Crypto2004 through Crypto2006, SHA1 is no longer Pareto-complete. This means that for some applications, purposes, and environments, it may be too weak, and we should consider moving to SHA-256 or preferably SHA-512 as Pareto-complete algorithms.
Vendor |
MD5 |
SHA-1 |
SHA-256 |
SHA-384 |
SHA-512 |
1024-bit* |
Software |
||||||
CAcert |
Disabled |
Yes |
Can be supported, but insufficent browser support |
No |
||
OpenSSL 0.9.8 |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
GnuPG 1.4.2 |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
PGP 9.0 |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Firefox+TB 1.5 |
Yes |
Yes |
Yes |
Yes |
No |
No |
Firefox 2.0 Beta |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Konqueror |
Konqueror depends on the installed OpenSSL |
|||||
Opera 9.0 (uses OpenSSL) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Java SE 1.5.0_08 |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Java SE/ME 1.x |
Yes via Bouncy Castle Libs |
No |
||||
Internet Explorer |
depends on the installed Windows CryptoAPI |
|||||
Outlook (Express) |
depends on the installed Windows CryptoAPI |
|||||
Safari |
Yes |
Yes |
? |
? |
? |
No |
Evolution |
Yes |
Yes |
? |
? |
? |
No |
KMail |
Yes |
Yes |
? |
? |
? |
No |
Apple Mail |
Yes |
Yes |
? |
? |
? |
No |
Operating Systems (and pre-installed Utils) |
||||||
Debian 5.0 (Lenny) (OpenSSL 0.9.8g) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Debian 6.0 (Etch) (OpenSSL 0.9.8o) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
SuSE 8.0 (OpenSSL 0.9.6c) |
Yes |
Yes |
No |
No |
No |
No |
SuSE 10.1 (OpenSSL 0.9.8a) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
SuSE 10.1 (GnuPG 1.4.2) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
FC2-FC4 (OpenSSL 0.9.7) |
Yes |
Yes |
No |
No |
No |
No |
FC4 (GnuPG) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
FC5 (OpenSSL 0.9.8a) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Ubuntu 6.06 (OpenSSL 0.9.8a) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Ubuntu 6.06 (GnuPG 1.4.2.2) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
FreeBSD 5.5-6.1 (md5 command, libmd) |
Yes |
Yes |
Yes |
No |
No |
No |
FreeBSD 6.1-6.2 (OpenSSL 0.9.7) |
Yes |
Yes |
No |
No |
No |
No |
MacOSX 10.4 (OpenSSL 0.9.7) |
Yes |
Yes |
No |
No |
No |
No |
Mandriva 2006 (OpenSSL 0.9.7g) |
Yes |
Yes |
No |
No |
No |
No |
Mandriva 2007 (OpenSSL 0.9.8b) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Knoppix 4.0.2 (OpenSSL 0.9.7g) |
Yes |
Yes |
No |
No |
No |
No |
Knoppix 5.0.1 (OpenSSL 0.9.8a) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Symbian OS 9.3 |
Yes |
Yes |
No |
No |
No |
No |
Windows until XP SP2 |
Yes |
Yes |
No |
No |
No |
No |
Windows 2003 SP2 x86; 2003 SP2 Itanium; XP SP2 X64, 2003 SP2 X64 + kb968730 |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Windows Vista (according to MS) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
NetBSD 3.0-3.1_RC1** |
Yes |
Yes |
No** |
No** |
No** |
No |
NetBSD 4_Beta (OpenSSL 0.9.8b) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
OpenBSD 3.4 (cksum command, libc) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
OpenBSD 3.6-4.0 (OpenSSL 0.9.7) |
Yes |
Yes |
No |
No |
No |
No |
* Do we have notice of any secure/functional/in-progress/concept 1024bit hash?
The first 1024bit hash seen in the wild (unknown quality): http://code.google.com/p/sha3-grace/downloads/list
- Based on SHA-2 extended to support 1024bit instead of 512bit
** Easily upgradeable through the pkgsrc subsystem to include such hashes