català | [[HashInterop/CZ|česky]] | dansk | deutsch | '''english''' | español | français | lingála | magyar | nederlands | norsk | polski | português | svenska == Hash algorithm interoperability == . According to recent results from Crypto2004 through Crypto2006, SHA1 is no longer [[http://iang.org/papers/pareto-secure.html|Pareto-complete]]. This means that for ''some'' applications, purposes, and environments, it may be too weak, and we should consider moving to SHA-256 or preferably SHA-512 as Pareto-complete algorithms. ||Vendor ||MD5 ||SHA-1 ||SHA-256 ||SHA-384 ||'''SHA-512''' ||1024-bit* || ||||||||||||||'''Software''' || ||CAcert ||Disabled ||Yes ||||||Can be supported, but insufficent browser support ||No || ||OpenSSL 0.9.8 ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No || ||GnuPG 1.4.2 ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No || ||PGP 9.0 ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No || ||Firefox+TB 1.5 ||Yes ||Yes ||Yes ||Yes ||'''No''' ||No || ||Firefox 2.0 Beta ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No || ||Konqueror |||||||||||| Konqueror depends on the installed OpenSSL || ||Opera 9.0 (uses OpenSSL) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No || ||Java SE 1.5.0_08 ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No || ||Java SE/ME 1.x ||||||||||Yes via Bouncy Castle Libs||No || ||Internet Explorer |||||||||||| depends on the installed Windows CryptoAPI || ||Outlook (Express) |||||||||||| depends on the installed Windows CryptoAPI || ||Safari ||Yes ||Yes ||? ||? ||'''?''' ||No || ||Evolution ||Yes ||Yes ||? ||? ||'''?''' ||No || ||KMail ||Yes ||Yes ||? ||? ||'''?''' ||No || ||Apple Mail ||Yes ||Yes ||? ||? ||'''?''' ||No || ||||||||||||||'''Operating Systems (and pre-installed Utils)''' || ||Debian 5.0 (Lenny) (OpenSSL 0.9.8g) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No || ||Debian 6.0 (Etch) (OpenSSL 0.9.8o) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No || ||SuSE 8.0 (OpenSSL 0.9.6c) ||Yes ||Yes ||No ||No ||'''No''' ||No || ||SuSE 10.1 (OpenSSL 0.9.8a) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No || ||SuSE 10.1 (GnuPG 1.4.2) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No || ||FC2-FC4 (OpenSSL 0.9.7) ||Yes ||Yes ||No ||No ||'''No''' ||No || ||FC4 (GnuPG) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No || ||FC5 (OpenSSL 0.9.8a) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No || ||Ubuntu 6.06 (OpenSSL 0.9.8a) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No || ||Ubuntu 6.06 (GnuPG 1.4.2.2) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No || ||FreeBSD 5.5-6.1 (md5 command, libmd) ||Yes ||Yes ||Yes ||No ||'''No''' ||No || ||FreeBSD 6.1-6.2 (OpenSSL 0.9.7) ||Yes ||Yes ||No ||No ||'''No''' ||No || ||MacOSX 10.4 (OpenSSL 0.9.7) ||Yes ||Yes ||No ||No ||'''No''' ||No || ||Mandriva 2006 (OpenSSL 0.9.7g) ||Yes ||Yes ||No ||No ||'''No''' ||No || ||Mandriva 2007 (OpenSSL 0.9.8b) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No || ||Knoppix 4.0.2 (OpenSSL 0.9.7g) ||Yes ||Yes ||No ||No ||'''No''' ||No || ||Knoppix 5.0.1 (OpenSSL 0.9.8a) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No || ||Symbian OS 9.3 ||Yes ||Yes ||No ||No ||'''No''' ||No || ||Windows until XP SP2 ||Yes ||Yes ||No ||No ||'''No''' ||No || ||Windows 2003 SP2 x86; 2003 SP2 Itanium; XP SP2 X64, 2003 SP2 X64 + [[http://support.microsoft.com/kb/968730/en-us|kb968730]] ||Yes ||Yes ||Yes ||Yes ||'''Yes''' || No || ||Windows Vista (according to MS) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No || ||NetBSD 3.0-3.1_RC1** ||Yes ||Yes ||No** ||No** ||'''No**''' ||No || ||NetBSD 4_Beta (OpenSSL 0.9.8b) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No || ||OpenBSD 3.4 (cksum command, libc) ||Yes ||Yes ||Yes ||Yes ||'''Yes''' ||No || ||OpenBSD 3.6-4.0 (OpenSSL 0.9.7) ||Yes ||Yes ||No ||No ||'''No''' ||No || * Do we have notice of any secure/functional/in-progress/concept 1024bit hash? * The first 1024bit hash seen in the wild (unknown quality): http://code.google.com/p/sha3-grace/downloads/list * Based on SHA-2 extended to support 1024bit instead of 512bit ** Easily upgradeable through the pkgsrc subsystem to include such hashes ---- . CategoryNewRootsTaskForce