català | [[HashInterop/CZ|česky]] | dansk | deutsch | '''english''' | español | français | lingála | magyar | nederlands | norsk | polski | português | svenska

== Hash algorithm interoperability ==

 . According to recent results from Crypto2004 through Crypto2006, SHA1 is no longer [[http://iang.org/papers/pareto-secure.html|Pareto-complete]].  This means that for ''some'' applications, purposes, and environments, it may be too weak, and we should consider moving to SHA-256 or preferably SHA-512 as Pareto-complete algorithms.

||Vendor ||MD5 ||SHA-1 ||SHA-256 ||SHA-384 ||'''SHA-512''' ||1024-bit* ||
||||||||||||||'''Software''' ||
||CAcert ||Disabled ||Yes ||||||Can be supported, but insufficent browser support ||No ||
||OpenSSL 0.9.8 ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No ||
||GnuPG 1.4.2 ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No ||
||PGP 9.0 ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No ||
||Firefox+TB 1.5 ||Yes ||Yes ||Yes ||Yes ||'''No''' ||No ||
||Firefox 2.0 Beta ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No ||
||Konqueror |||||||||||| Konqueror depends on the installed OpenSSL  ||
||Opera 9.0 (uses OpenSSL) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No ||
||Java SE 1.5.0_08 ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No ||
||Java SE/ME 1.x ||||||||||Yes via Bouncy Castle Libs||No ||
||Internet Explorer |||||||||||| depends on the installed Windows CryptoAPI ||
||Outlook (Express) |||||||||||| depends on the installed Windows CryptoAPI ||
||Safari ||Yes ||Yes ||? ||? ||'''?''' ||No ||
||Evolution ||Yes ||Yes ||? ||? ||'''?''' ||No ||
||KMail ||Yes ||Yes ||? ||? ||'''?''' ||No ||
||Apple Mail ||Yes ||Yes ||? ||? ||'''?''' ||No ||
||||||||||||||'''Operating Systems (and pre-installed Utils)''' ||
||Debian 5.0 (Lenny) (OpenSSL 0.9.8g) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No ||
||Debian 6.0 (Etch) (OpenSSL 0.9.8o) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No ||
||SuSE 8.0 (OpenSSL 0.9.6c) ||Yes ||Yes ||No ||No ||'''No''' ||No ||
||SuSE 10.1 (OpenSSL 0.9.8a) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No ||
||SuSE 10.1 (GnuPG 1.4.2) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No ||
||FC2-FC4 (OpenSSL 0.9.7) ||Yes ||Yes ||No ||No ||'''No''' ||No ||
||FC4 (GnuPG) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No ||
||FC5 (OpenSSL 0.9.8a) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No ||
||Ubuntu 6.06 (OpenSSL 0.9.8a) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No ||
||Ubuntu 6.06 (GnuPG 1.4.2.2) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No ||
||FreeBSD 5.5-6.1 (md5 command, libmd) ||Yes ||Yes ||Yes ||No ||'''No''' ||No ||
||FreeBSD 6.1-6.2 (OpenSSL 0.9.7) ||Yes ||Yes ||No ||No ||'''No''' ||No ||
||MacOSX 10.4 (OpenSSL 0.9.7) ||Yes ||Yes ||No ||No ||'''No''' ||No ||
||Mandriva 2006 (OpenSSL 0.9.7g) ||Yes ||Yes ||No ||No ||'''No''' ||No ||
||Mandriva 2007 (OpenSSL 0.9.8b) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No ||
||Knoppix 4.0.2 (OpenSSL 0.9.7g) ||Yes ||Yes ||No ||No ||'''No''' ||No ||
||Knoppix 5.0.1 (OpenSSL 0.9.8a) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No ||
||Symbian OS 9.3 ||Yes ||Yes ||No ||No ||'''No''' ||No ||
||Windows until XP SP2 ||Yes ||Yes ||No ||No ||'''No''' ||No ||
||Windows 2003 SP2 x86; 2003 SP2 Itanium; XP SP2 X64, 2003 SP2 X64 + [[http://support.microsoft.com/kb/968730/en-us|kb968730]] ||Yes ||Yes ||Yes ||Yes ||'''Yes''' || No ||
||Windows Vista (according to MS) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No ||
||NetBSD 3.0-3.1_RC1** ||Yes ||Yes ||No** ||No** ||'''No**''' ||No ||
||NetBSD 4_Beta (OpenSSL 0.9.8b) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No ||
||OpenBSD 3.4 (cksum command, libc) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No ||
||OpenBSD 3.6-4.0 (OpenSSL 0.9.7) ||Yes ||Yes ||No ||No ||'''No''' ||No ||

* Do we have notice of any secure/functional/in-progress/concept 1024bit hash?
  * The first 1024bit hash seen in the wild (unknown quality): http://code.google.com/p/sha3-grace/downloads/list
  * Based on SHA-2 extended to support 1024bit instead of 512bit

** Easily upgradeable through the pkgsrc subsystem to include such hashes

----
 . CategoryNewRootsTaskForce