I was working on a project where two programs are exchanging information over a network. I am having them generate a public/private RSA key pair to encrypt traffic.

It seems that one of the programming language environments has a built-in limit of using SHA-1 in the processing of RSA asynchronous encryption.

Can someone put into context how "bad" this is, having to drop to using SHA-1 for this purpose? Is the risk high enough that I should explore an alternative means of generating the RSA keys, like an external program helper to bundle with the limited application?

EDIT: As per Robert's question, I'm generating a public/private keypair, then the public key is sent to remote clients. One program is written in Go, and it uses the public key to encrypt text being sent using:

    hash := sha1.New()
    btCipherText, err := rsa.EncryptOAEP(hash, rand.Reader, keyPub, btMessage, nil)

Using sha512 didn't work because the other language, Xojo, doesn't seem to support it, although I'm in the process of asking about it with people who may be more familiar with that language. The EncryptOAEP uses the SHA hash as part of the encryption process... after that, I can send the btCipherText to the client over the network.

Jeff Ferland
  • If you are talking about a concrete programming language you should name it. In any way if the pl supports SHA-256 at all there is usually a way to use it with RSA. BTW: You are talking about RSA encryption but then mention hashes. So most likely you are trying to generate/verify RSA signatures, correct? Because RSA can't be used for direct encryption of network traffic. – Robert Apr 08 '20 at 16:12
  • Are you using SSL or are you using some other custom exchange setup? – Jeff Ferland Apr 08 '20 at 17:07
  • See Thomas Pornin's answer at https://security.stackexchange.com/questions/112029/should-sha-1-be-used-with-rsa-oaep. Even though this answer was written over four years ago, I believe the main points that he makes still apply. – mti2935 Apr 08 '20 at 17:27
  • @JeffFerland Not using SSL. They connect over a TCP connection and send the public key to each other, then start encrypting messages using each other's public keys from then on. – Bart Silverstrim Apr 08 '20 at 17:51
  • @mti2935 Thanks for the link; from the information there, if things haven't changed since it was posted, it looks like SHA-1 isn't necessarily *bad* but the current practice is to not use it "just in case" and can lead to having to justify the decision if you don't use that best practice... – Bart Silverstrim Apr 08 '20 at 17:54
  • @BartSilverstrim That's right. But, in your case, you have a valid reason for using SHA1, because the other party doesn't support any other hashing functions. – mti2935 Apr 08 '20 at 18:42
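
An added example, not part of the original question or comments: it uses Go's `crypto/rsa` to show that the OAEP hash is a parameter both peers must agree on, and that it sets the largest message one RSA operation can carry (k - 2*hLen - 2 bytes). The helper names `newKey`, `maxOAEPLen` and `roundTrip`, the 2048-bit key size and the sample message are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1"   // registers crypto.SHA1
	_ "crypto/sha256" // registers crypto.SHA256
	"fmt"
)

// newKey generates a throwaway 2048-bit key (constructed for this demo).
func newKey() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}

// maxOAEPLen is the largest plaintext, in bytes, that RSA-OAEP accepts for
// this key and hash: k - 2*hLen - 2 (RFC 8017, section 7.1.1).
func maxOAEPLen(pub *rsa.PublicKey, h crypto.Hash) int {
	return pub.Size() - 2*h.Size() - 2
}

// roundTrip encrypts with encHash and decrypts with decHash; it only
// succeeds when sender and receiver configure the same OAEP hash.
func roundTrip(priv *rsa.PrivateKey, encHash, decHash crypto.Hash, msg []byte) ([]byte, error) {
	ct, err := rsa.EncryptOAEP(encHash.New(), rand.Reader, &priv.PublicKey, msg, nil)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(decHash.New(), rand.Reader, priv, ct, nil)
}

func main() {
	priv := newKey()
	msg := []byte("constructed sample message")
	for _, h := range []crypto.Hash{crypto.SHA1, crypto.SHA256} {
		pt, err := roundTrip(priv, h, h, msg)
		fmt.Println(h, "max bytes:", maxOAEPLen(&priv.PublicKey, h), "ok:", string(pt) == string(msg), err)
	}
	// A SHA-256 sender talking to a SHA-1 receiver fails at decryption.
	_, err := roundTrip(priv, crypto.SHA256, crypto.SHA1, msg)
	fmt.Println("mismatched hashes:", err)
	_, err = roundTrip(priv, crypto.SHA1, crypto.SHA1, make([]byte, maxOAEPLen(&priv.PublicKey, crypto.SHA1)+1))
	fmt.Println("one byte over the limit:", err)
}
```

With a 2048-bit key the limit is 214 bytes for SHA-1 and 190 bytes for SHA-256, so longer messages need more than a single RSA-OAEP operation.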

0 Answers