Re: "Certification Authorities are recommended to stop using MD5 altogether"
On Thu, Jan 1, 2009 at 9:56 AM, Sam Morris <sam@robots.org.uk> wrote:
> Maybe in a few years, NSS will have disabled the use of MD5 and the
> ancient MD2 algorithm. I wonder how many other insecure algorithms are
> still lurking in NSS, OpenSSL, GNU TLS, Java, etc...
Having programmed with OpenSSL a fair amount, I can say that the
problem isn't that the library has older algorithms in it. That's
needed for legacy compatibility. When initializing the library's
engine, or for a specific connection, you specify the acceptable
algorithms, so a particular application can reject MD2 or MD5
entirely. For the openssl binary, it's a question of how it's
configured at compile- and run-time. The default at least is to use
SHA-1. More worrisome is that RSA keys are generated with only
512-bit moduli by default, but that may be a holdover from US export
regulations.
--
Michael A. Marsh
http://www.umiacs.umd.edu/~mmarsh
http://mamarsh.blogspot.com
http://36pints.blogspot.com
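As an added example, not code from the post or from OpenSSL itself: a small shell policy check built on the openssl command-line tool, expressing the kind of per-application algorithm restriction the post describes (reject certificates signed with MD2 or MD5, and reject RSA moduli below a minimum size). The policy values, helper names and the self-signed test certificates generated on the fly are this example's own assumptions, not anything the post specifies.

```shell
#!/bin/sh
# Added example: a certificate policy check using only the openssl CLI.
# Assumptions (not from the post): the policy is "no MD2/MD5 signatures and
# RSA moduli of at least MIN_RSA_BITS"; test certificates are constructed here.
MIN_RSA_BITS=${MIN_RSA_BITS:-2048}

# Print the signature algorithm named in the certificate, e.g. md5WithRSAEncryption.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text | awk -F': ' '/Signature Algorithm:/ { print $2; exit }'
}

# Print the public-key algorithm, e.g. rsaEncryption or id-ecPublicKey.
cert_key_alg() {
    openssl x509 -in "$1" -noout -text | awk -F': ' '/Public Key Algorithm:/ { print $2; exit }'
}

# Print the public-key size in bits (empty if openssl prints no "(N bit)" line).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# Return 0 if the certificate passes the policy, 1 if rejected, 2 if unreadable.
check_cert_policy() {
    cert=$1
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 2
    alg=$(cert_sig_alg "$cert")
    keyalg=$(cert_key_alg "$cert")
    bits=$(cert_key_bits "$cert")
    case $alg in
        md2*|md5*)
            echo "REJECT $cert: signed with $alg" >&2
            return 1 ;;
    esac
    # The modulus-size rule is applied to RSA keys only; an EC key is legitimately
    # short in bits and would need its own threshold.
    if [ "$keyalg" = rsaEncryption ] && [ -n "$bits" ] && [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "REJECT $cert: RSA modulus is only $bits bits (minimum $MIN_RSA_BITS)" >&2
        return 1
    fi
    echo "ACCEPT $cert: $alg, $keyalg ${bits:-?} bit" >&2
    return 0
}

# Constructed test input: a self-signed certificate with a chosen RSA size and digest.
# usage: make_self_signed <out.pem> <rsa-bits> <digest>
make_self_signed() {
    openssl req -x509 -newkey "rsa:$2" "-$3" -nodes -days 1 -subj "/CN=$3-$2-test" \
        -keyout "${1%.pem}.key" -out "$1" >/dev/null 2>&1
}

# Demo: one certificate the policy accepts and two it rejects.
demo_dir=$(mktemp -d)
make_self_signed "$demo_dir/ok.pem"    2048 sha256
make_self_signed "$demo_dir/md5.pem"   2048 md5
make_self_signed "$demo_dir/small.pem" 1024 sha256
for c in ok md5 small; do
    check_cert_policy "$demo_dir/$c.pem" || true
done
```

The MD5-signed test certificate is only produced if the local openssl build still allows MD5 signing; a build that refuses it makes `make_self_signed` fail, which is itself a sign that the build-time configuration the post mentions has already removed the algorithm.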