Re: "Certification Authorities are recommended to stop using MD5 altogether"
On Thu, Jan 1, 2009 at 9:56 AM, Sam Morris <firstname.lastname@example.org> wrote:
> Maybe in a few years, NSS will have disabled the use of MD5 and the
> ancient MD2 algorithm. I wonder how many other insecure algorithms are
> still lurking in NSS, OpenSSL, GNU TLS, Java, etc...
Having programmed with OpenSSL a fair amount, I can say that the
problem isn't that the library has older algorithms in it. That's
needed for legacy compatibility. When initializing the library's
engine, or for a specific connection, you specify the acceptable
algorithms, so a particular application can reject MD2 or MD5
entirely. For the openssl binary, it's a question of how it's
configured at compile- and run-time. The default at least is to use
SHA-1. More worrisome is that RSA keys are generated with only
512-bit moduli by default, but that may be a holdover from US export
Michael A. Marsh
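An added example, not code from the thread or from OpenSSL, of the application-level policy Michael describes: the library can carry MD2 and MD5 for legacy reasons while the application itself refuses to accept certificates signed with them. Rather than calling into OpenSSL, it walks the DER of a certificate with a minimal ASN.1 reader, pulls out the signatureAlgorithm OID and checks it against an allow-list chosen by the application. The allow-list (SHA-2 only) is this example's own policy, and the certificates it checks are constructed skeletons, not real certificates.

```python
"""Reject certificates signed with algorithms the application does not trust.

Added example: a tiny DER walker that extracts the signatureAlgorithm OID from
an X.509 certificate and checks it against an application-chosen allow-list.
The policy and the sample certificates below are constructed for illustration.
"""

# pkcs-1 signature algorithm OIDs (1.2.840.113549.1.1.x), RFC 3279 / RFC 4055.
SIG_ALG_NAMES = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
}

# Application policy (assumed for this example): SHA-2 family only.
ALLOWED_SIG_ALGS = {"sha256WithRSAEncryption",
                    "sha384WithRSAEncryption",
                    "sha512WithRSAEncryption"}


def der_read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER TLV starting at pos.

    The next sibling TLV begins at value_end. Only definite lengths up to
    4 length octets are handled, which covers any real certificate.
    """
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length exceeds buffer")
    return tag, pos, end


def decode_oid(raw):
    """Decode OBJECT IDENTIFIER content octets to dotted-decimal form."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:          # last octet of this sub-identifier
            arcs.append(value)
            value = 0
    if value:                     # continuation bit set on the final octet
        raise ValueError("truncated OID sub-identifier")
    return ".".join(str(a) for a in arcs)


def certificate_signature_oid(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    tag, start, _ = der_read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a SEQUENCE")
    tag, _, tbs_end = der_read_tlv(cert_der, start)      # tbsCertificate, skipped
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, alg_start, _ = der_read_tlv(cert_der, tbs_end)  # AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_start, oid_end = der_read_tlv(cert_der, alg_start)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return decode_oid(cert_der[oid_start:oid_end])


def check_signature_policy(cert_der, allowed=ALLOWED_SIG_ALGS):
    """Return (accepted, algorithm_name); unknown OIDs are reported raw and rejected."""
    oid = certificate_signature_oid(cert_der)
    name = SIG_ALG_NAMES.get(oid, oid)
    return name in allowed, name


# --- constructed sample input (not real certificates) -----------------------

def der_tlv(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytes([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return out


def constructed_cert(sig_oid):
    """Skeleton certificate with only the fields this check reads; the
    tbsCertificate and signatureValue are placeholders, not real data."""
    tbs = der_tlv(0x30, der_tlv(0x02, b"\x01"))
    alg = der_tlv(0x30, der_tlv(0x06, encode_oid(sig_oid)) + der_tlv(0x05, b""))
    sig = der_tlv(0x03, b"\x00" * 17)
    return der_tlv(0x30, tbs + alg + sig)


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.2", "1.2.840.113549.1.1.4",
                "1.2.840.113549.1.1.5", "1.2.840.113549.1.1.11"):
        ok, name = check_signature_policy(constructed_cert(oid))
        print(f"{name:26s} {'accept' if ok else 'REJECT'}")
```

The same check belongs in the verify callback of whatever TLS library is in use, applied to every certificate in the chain, not just the leaf; the allow-list is the one knob an application controls regardless of how the library itself was compiled.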