Archived
TD0578: SHA-1 is no longer mandatory
Publication Date
2021.02.12
Protection Profiles
PP_OS_V4.2.1
Other References
FCS_COP.1.1(2)
Issue Description
The hash being mandatory appears to be in contradiction with the FCS_TLSC_EXT.1 selection. However, SHA-1 is not required for TLS. Resolution
FCS_COP.1(2) is replaced as follows: FCS_COP.1(2) Cryptographic Operation - Hashing (Refined) FCS_COP.1.1(2) The OS shall perform [cryptographic hashing services] in accordance with a specified cryptographic algorithm [selection: · SHA-1, · SHA-256, · SHA-384, · SHA-512] and message digest sizes [selection: · 160 bits, · 256 bits, · 384 bits, · 512 bits] that meet the following: [FIPS Pub 180-4]. Application Note: Per NIST SP 800-131A, SHA-1 for generating digital signatures is no longer allowed, and SHA-1 for verification of digital signatures is strongly discouraged as there may be risk in accepting these signatures. Vendors are strongly encouraged to implement updated protocols that support the SHA-2 family; until updated protocols are supported, this PP allows support for SHA-1 implementations in compliance with SP 800-131A.
The intent of this requirement is to specify the hashing function. The hash selection must support the message digest size selection. The hash selection should be consistent with the overall strength of the algorithm used.
The evaluation activity remains unchanged. Justification
SHA-1 is no longer mandatory. |