GlobalPlatform / WebApis-for-SE

Open source APIs to access a Secure Element from a Web application
Apache License 2.0

SHA-1 for Access Control #35

Closed hchavers closed 8 years ago

hchavers commented 8 years ago

Comments from Trusted Computing Group - Item # 16

Section: 6.2 Client Application Identifier

Comment: Re: “The SHA-1 hash function is used here because the GlobalPlatform Access Control specification for now only supports 20 bytes long identifiers.”

Proposed Resolution: The use of SHA-1 (especially for authorization) is unacceptable - this spec should NOT be published with this basis for App ID.

serianox commented 8 years ago

There is no reason to hash the origin to generate the Client Application Identifier. Except for being vulnerable to 2nd preimage attacks.

The Client Application Identifier should be set to the ASCII serialization of the web application origin as defined in [RFC6454].

This will also save space as origins are usually smaller than the smallest hash size considered secure today (i.e. 224 bits).

opoto commented 8 years ago

SHA-1 is the cryptographic hash function used today in GP-AC v1.1. As a consequence, GP-AC limits the size of the Device Application ID (DeviceAppID) to 20 bytes. This prevents the use of a more secure hash function in the Web API for SE specification. So this specification has to use SHA-1.

However, GlobalPlatform intends to update the GP-AC to use a longer DeviceAppID and a stronger hashing algorithm. As noted in the Web API for SE specification, this specification will then be updated.
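The two identifier forms debated in this thread, side by side, as an added example that is not part of the issue or of the specification: it serializes an origin per RFC 6454 section 6.2, then builds both the SHA-1 form and the unhashed form and checks each against the 20-byte GP-AC limit. The function names, the restriction to http/https, and the choice of the origin's ASCII bytes as hash input are assumptions.

```python
import hashlib
from urllib.parse import urlsplit

# Assumption: only http/https origins are handled; anything else serializes to "null".
DEFAULT_PORTS = {"http": 80, "https": 443}
GP_AC_ID_LEN = 20  # DeviceAppID limit in GP-AC v1.1, as stated in the thread


def ascii_origin(url: str) -> str:
    """ASCII serialization of a URL's origin (RFC 6454, section 6.2)."""
    parts = urlsplit(url)
    scheme, host = parts.scheme.lower(), parts.hostname  # hostname is lowercased
    if scheme not in DEFAULT_PORTS or not host:
        return "null"
    if ":" in host:
        host = f"[{host}]"  # IPv6 literal keeps its brackets
    else:
        host = host.encode("idna").decode("ascii")  # IDNA ToASCII per label
    port = parts.port or DEFAULT_PORTS[scheme]
    suffix = "" if port == DEFAULT_PORTS[scheme] else f":{port}"
    return f"{scheme}://{host}{suffix}"


def sha1_identifier(url: str) -> bytes:
    """Hashed form: always 20 bytes. Hash input (origin ASCII bytes) is an assumption."""
    return hashlib.sha1(ascii_origin(url).encode("ascii")).digest()


def raw_identifier(url: str) -> bytes:
    """Unhashed form proposed in the thread: the serialized origin itself."""
    return ascii_origin(url).encode("ascii")


def fits_gp_ac(identifier: bytes) -> bool:
    """True when the identifier fits the 20-byte DeviceAppID field."""
    return len(identifier) <= GP_AC_ID_LEN


if __name__ == "__main__":
    # Constructed sample URLs, not taken from the specification.
    for url in ("HTTPS://Example.COM:443/pay?x=1", "https://shop.example.com:8443/"):
        raw = raw_identifier(url)
        print(raw.decode(), len(raw), fits_gp_ac(raw), sha1_identifier(url).hex())
```

The second sample origin serializes to 29 bytes, so the unhashed form does not fit a 20-byte DeviceAppID, while the SHA-1 form always does.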