--- /dev/null
+\section{A note on SHA digests}
+\label{section:SHA}
+
+
+In the last years several weaknesses have been shown for SHA-1. In
+particular, collisions on SHA-1 can be found using $2^{63}$ operations, and
+recent results even indicate a lower complexity. Therefore,
+ECRYPT II and NIST recommend against using SHA-1 for generating digital
+signatures and for other applications that require collision resistance.
+The use of SHA-1 in message authentication, e.g. HMAC, is not
+immediately threatened.
+
+We recommend using SHA-2 whenever available. Since SHA-2 is not
+supported by older versions of TLS, SHA-1 can be used for message
+authentication if a higher compatibility with a more diverse set of
+clients is needed.
+
+
+Our configurations A and B reflect this. While configuration A does not include
+SHA-1, configuration B does and thus is more compatible with a wider range of
+clients.
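Review bot: the sentence "Since SHA-2 is not supported by older versions of TLS, SHA-1 can be used for message authentication" conflates two different uses of the hash and should say which one the TLS version actually limits. TLS 1.0 and 1.1 fix the PRF and the cipher-suite HMAC to MD5/SHA-1, so HMAC-SHA256 cipher suites require TLS 1.2; the hash in a certificate signature, by contrast, is checked by the client's X.509 library and is independent of the negotiated TLS version, so a SHA-256 signed certificate is not what breaks old clients. As written, a reader may take this paragraph (and the following one on configuration B) as licence to keep SHA-1 signed certificates for compatibility, which contradicts the first paragraph. Suggested wording: "TLS 1.0 and 1.1 only support SHA-1 (and MD5) in the PRF and in the cipher-suite HMAC, so SHA-1 based cipher suites may still be offered for message authentication where compatibility with a diverse set of clients is needed; certificate signatures should use SHA-256 regardless." The $2^{63}$ figure and "recent results even indicate a lower complexity" should each carry a \cite so the number can be checked and updated, and "In the last years" reads better as "In recent years". Finally, "configurations A and B" should be a \ref to the section that defines them rather than a bare name.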
\large \lineskip 0.5em \usefont{OT1}{phv}{b}{sl} \color{DarkRed}}
\author{Wolfgang Breyha, David Durvaux, Tobias Dussa, L. Aaron
- Kaplan, Christian Mock, Manuel Koschuch, Adi
+ Kaplan, Florian Mendel, Christian Mock, Manuel Koschuch, Adi
Kriegisch, Ulrich P\"oschl, Ramin Sabet, Berg San, Ralf Schlatterbeck,
Thomas Schreck, Aaron Zauner, Pepi Zawodsky}
%\institute{
\setlength{\parindent}{0cm}
\postauthor{\footnotesize \usefont{OT1}{phv}{m}{sl} \color{Black}
-\\ \vskip 0.5em (University of Vienna, CERT.be, KIT-CERT, CERT.at, coretec.at, FH Campus Wien, VRVis, MilCERT Austria, A-Trust, , Runtux.com, Friedrich-Alexander University Erlangen-Nuremberg, azet.org, maclemon.at)
+\\ \vskip 0.5em (University of Vienna, CERT.be, KIT-CERT, CERT.at, IAIK, coretec.at, FH Campus Wien, VRVis, MilCERT Austria, A-Trust, , Runtux.com, Friedrich-Alexander University Erlangen-Nuremberg, azet.org, maclemon.at)
\par\end{flushleft}\HorRule}
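Review bot: the affiliation line being touched still contains the empty entry "A-Trust, , Runtux.com" (a doubled comma from an earlier edit); since this hunk rewrites the whole line to insert IAIK, it should drop the stray ", " at the same time so the rendered author footer does not show an empty affiliation. IAIK is placed after CERT.at, matching Florian Mendel's position in the author list, which is consistent with the existing ordering.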
\date{\today}
\label{chapter:Theory}
\input{PKIs}
\input{ECC}
+\input{SHA}
\input{DH}
\input{keylengths}
\input{RNGs}
Recommendations on keylengths need to be adapted regularly. Since this document
first of all is static and second of all, does not consider itself to be
-authoritative on keylengths, we rather want refer to existing publications and
+authoritative on keylengths, we would rather refer to existing publications and
websites. Recommending a safe key length is a hit-and-miss issue.
Furthermore, when chosing an encryption algorithm and keylength, the
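Review bot: the grammar fix on "we would rather refer" is correct, but the very next (unchanged) line carries "chosing", which should be "choosing"; fold that into this hunk rather than leaving a second typo pass for the same paragraph. While here, the paragraph alternates between "keylengths", "key length" and "keylength"; pick one spelling ("key length" / "key lengths") and use it throughout.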