Re: "Certification Authorities are recommended to stop using MD5 altogether"

To: Sam Morris <sam@robots.org.uk>
Cc: debian-security@lists.debian.org
Subject: Re: "Certification Authorities are recommended to stop using MD5 altogether"
From: Simon Josefsson <simon@josefsson.org>
Date: Sun, 11 Jan 2009 22:04:29 +0100
Message-id: <[🔎] 877i51k10i.fsf@mocca.josefsson.org>
In-reply-to: <[🔎] pan.2009.01.01.14.56.52@robots.org.uk> (Sam Morris's message of "Thu, 1 Jan 2009 14:56:52 +0000 (UTC)")
References: <0812310232100.8102@somehost> <[🔎] pan.2009.01.01.14.56.52@robots.org.uk>

Sam Morris <sam@robots.org.uk> writes:

> Maybe in a few years, NSS will have disabled the use of MD5 and the 
> ancient MD2 algorithm. I wonder how many other insecure algorithms are 
> still lurking in NSS, OpenSSL, GNU TLS, Java, etc...

In GnuTLS, we decided in 2005 that certificate signatures with MD5
should be rejected because MD5 was not a good hash function any more.

/Simon

Reply to:

References:
- Re: "Certification Authorities are recommended to stop using MD5 altogether"
  - From: Sam Morris <sam@robots.org.uk>

Prev by Date: Re: Freeze exceptions for iceape/iceweasel/xulrunner?
Next by Date: Good Morning.
Previous by thread: Re: "Certification Authorities are recommended to stop using MD5 altogether"
Next by thread: Re: "Certification Authorities are recommended to stop using MD5 altogether"
Index(es):
- Date
- Thread