Re: "Certification Authorities are recommended to stop using MD5 altogether"

On Thu, Jan 1, 2009 at 9:56 AM, Sam Morris <sam@robots.org.uk> wrote:
> Maybe in a few years, NSS will have disabled the use of MD5 and the
> ancient MD2 algorithm. I wonder how many other insecure algorithms are
> still lurking in NSS, OpenSSL, GNU TLS, Java, etc...

Having programmed with OpenSSL a fair amount, I can say that the
problem isn't that the library has older algorithms in it.  That's
needed for legacy compatibility.  When initializing the library's
engine, or for a specific connection, you specify the acceptable
algorithms, so a particular application can reject MD2 or MD5
entirely.  For the openssl binary, it's a question of how it's
configured at compile- and run-time.  The default at least is to use
SHA-1.  More worrisome is that RSA keys are generated with only
512-bit moduli by default, but that may be a holdover from US export

Michael A. Marsh
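Following the point above that an application, not the library, decides which algorithms it accepts, here is an added example (not from this thread or from OpenSSL itself): a POSIX shell audit that uses the `openssl` command-line tool to flag certificates signed with MD2 or MD5, or carrying an RSA modulus below a chosen size. The function names `audit_cert` and `make_test_cert` are assumptions for this example, and it requires the `openssl` binary on the PATH.

```shell
#!/bin/sh
# audit_cert CERT.pem [MIN_BITS]
#   Prints "ok" and returns 0 when the certificate's signature digest is
#   not MD2/MD5 and its public key has at least MIN_BITS (default 2048).
#   Otherwise prints the findings and returns 1 (2 if the file is unreadable).
audit_cert() {
    cert="$1"
    min_bits="${2:-2048}"
    # Human-readable dump; we only parse two well-known lines from it.
    text=$(openssl x509 -in "$cert" -noout -text) || return 2
    # First "Signature Algorithm:" line is the one from the signed portion.
    sigalg=$(printf '%s\n' "$text" | grep -m1 'Signature Algorithm:' \
             | sed 's/.*Signature Algorithm: *//')
    # "Public-Key: (2048 bit)" on newer releases, "RSA Public Key: (2048 bit)" on old ones.
    bits=$(printf '%s\n' "$text" | grep -o -m1 '([0-9]* bit)' | tr -dc '0-9')
    findings=""
    case "$sigalg" in
        md2*|md5*|*MD2*|*MD5*) findings="$findings weak-signature:$sigalg" ;;
    esac
    if [ -n "$bits" ] && [ "$bits" -lt "$min_bits" ]; then
        findings="$findings small-key:${bits}-bit"
    fi
    if [ -z "$findings" ]; then
        echo ok
        return 0
    fi
    echo "$findings"
    return 1
}

# make_test_cert BITS
#   Helper (assumed, for demonstration): writes a throwaway self-signed
#   certificate with an RSA key of BITS bits, signed with SHA-256, into a
#   temporary directory and prints the certificate path.
make_test_cert() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey "rsa:$1" -nodes -sha256 -days 1 \
        -subj /CN=audit-test -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        >/dev/null 2>&1 || return 1
    echo "$dir/cert.pem"
}
```

Run `audit_cert some-cert.pem` against a PEM certificate; a non-zero exit with `small-key:` or `weak-signature:` in the output is the signal to reject it.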