Stream: australia
Topic: SHA-1
Grahame Grieve (Feb 19 2019 at 21:41):
GF#20169 claims that the Australian government "has started banning the use of SHA1 for any purpose". I cannot find any evidence for that - only that SHA1 certs are (appropriately) prohibited. A lot of software uses SHA1 and is fine (git, for instance). Is there any evidence that such a stupid ban is going to happen?
Grahame Grieve (Feb 19 2019 at 21:41):
(though it seems more likely that they'll turn around and require the use of SHA1 right now...)
Reuben Daniels (Feb 20 2019 at 22:20):
The specific DSD/ASD policy change document is a bit hard to find right now while cybersec content is moving between ASD/DSD and the Australian Cyber Security Centre (ACSC) web site. However, see page 136 of the ISM here: https://cyber.gov.au/government/publications/australian-government-information-security-manual-ism/pdf/Australian_Government_Information_Security_Manual.pdf
Grahame Grieve (Feb 20 2019 at 22:28):
so the scope here is crypto. Since we're not doing crypto, I think it's ok
Michael Lawley (Mar 18 2019 at 02:07):
It is somewhat frustrating that FHIR imposes a specific hash (SHA) algorithm when your existing back-end systems use something else. Other specs seem to embed the hash algorithm into the hash string itself.
Last updated: Apr 12 2022 at 19:14 UTC