Hash algorithm interoperability
According to recent results from Crypto2004 through Crypto2006, SHA1 is no longer [http://iang.org/papers/pareto-secure.html Pareto-complete]. This means that for some applications, purposes, and environments, it may be too weak, and we should consider moving to SHA-256 or preferably SHA-512 as Pareto-complete algorithms.
Vendor |
MD5 |
SHA-1 |
SHA-256 |
SHA-384 |
SHA-512 |
any 1024 bit algo* |
|
CAcert |
No |
Yes |
Soon |
Soon |
Soon |
|
|
OpenSSL 0.9.8 |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
GnuPG 1.4.2 |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
PGP 9.0 |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
Firefox+TB 1.5 |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
Firefox 2.0 Beta |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
Debian Stable (OpenSSL 0.9.7e) |
Yes |
Yes |
No |
No |
No |
No |
|
Debian Stable (GnuPG 1.4.1) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
Debian Testing (Etch) (OpenSSL 0.9.8c) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
Java SE 1.5.0_08 |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
Java SE/ME 1.1-1.6 |
Yes (via BC) |
Yes (via BC) |
Yes (via BC) |
Yes (via BC) |
Yes (via BC) |
? |
|
SuSE 8.0 (OpenSSL 0.9.6c) |
Yes |
Yes |
No |
No |
No |
No |
|
SuSE 10.1 (OpenSSL 0.9.8a) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
SuSE 10.1 (GnuPG 1.4.2) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
FC2 (OpenSSL 0.9.7a) |
Yes |
Yes |
No |
No |
No |
No |
|
FC3 (OpenSSL 0.9.7a) |
Yes |
Yes |
No |
No |
No |
No |
|
FC4 (OpenSSL 0.9.7f) |
Yes |
Yes |
No |
No |
No |
No |
|
FC4 (GnuPG) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
FC5 (OpenSSL 0.9.8a) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
Firefox 1.5.0.6 (FC5) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
Firefox 1.5.0.6 (Win XP SP2) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
Thunderbird 1.5.0.5 (FC5) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
Thunderbird 1.5.0.5 (Win XP SP2) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
Ubuntu 6.06 (OpenSSL 0.9.8a) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
Ubuntu 6.06 (GnuPG 1.4.2.2) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
FreeBSD 5.5 (md5 command, libmd) |
Yes |
Yes |
Yes |
No |
No |
No |
|
FreeBSD 6.1 (md5 command, libmd) |
Yes |
Yes |
Yes |
No |
No |
No |
|
FreeBSD 6.2 (OpenSSL 0.9.7e) |
Yes |
Yes |
No |
No |
No |
No |
|
FreeBSD 6.1 (OpenSSL 0.9.7i) |
Yes |
Yes |
No |
No |
No |
No |
|
MacOSX 10.4 (OpenSSL 0.9.7i) |
Yes |
Yes |
No |
No |
No |
No |
|
Mandriva 2006 (OpenSSL 0.9.7g) |
Yes |
Yes |
No |
No |
No |
No |
|
Mandriva 2007 (OpenSSL 0.9.8b) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
Knoppix 4.0.2 (OpenSSL 0.9.7g) |
Yes |
Yes |
No |
No |
No |
No |
|
Knoppix 5.0.1 (OpenSSL 0.9.8a) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
Windows until XP SP2 |
Yes |
Yes |
No |
No |
No |
No |
|
Windows Vista (according to MS) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
NetBSD 3.0 (OpenSSL 0.9.7d)** |
Yes |
Yes |
No** |
No** |
No** |
No |
|
NetBSD 3.1_RC1** |
Yes |
Yes |
No** |
No** |
No** |
No |
|
NetBSD 4_Beta (OpenSSL 0.9.8b) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
OpenBSD 3.4 (cksum command, libc) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
OpenBSD 3.6 (OpenSSL 0.9.7d) |
Yes |
Yes |
No |
No |
No |
No |
|
OpenBSD 3.9 (OpenSSL 0.9.7g) |
Yes |
Yes |
No |
No |
No |
No |
|
OpenBSD 4.0 (OpenSSL 0.9.7j) |
Yes |
Yes |
No |
No |
No |
No |
|
Outlook (Express) |
? |
? |
? |
? |
? |
? |
|
Opera |
? |
? |
? |
? |
? |
? |
|
Konqueror |
~ |
~ |
~ |
~ |
~ |
~ |
Konqueror depends on the installed OpenSSL |
Safari |
? |
? |
? |
? |
? |
? |
|
Evolution |
? |
? |
? |
? |
? |
? |
|
KMail |
? |
? |
? |
? |
? |
? |
|
Apple Mail |
? |
? |
? |
? |
? |
? |
* Do we have notice of any secure/functional/in-progress/concept 1024bit hash? The first 1024bit hash seen in the wild (unknown quality): http://code.google.com/p/sha3-grace/downloads/list
** Easily upgradeable through the pkgsrc subsystem to include such hashes