Re: "Certification Authorities are recommended to stop using MD5 altogether"

To: debian-security@lists.debian.org
Subject: Re: "Certification Authorities are recommended to stop using MD5 altogether"
From: "Michael Marsh" <michael.a.marsh@gmail.com>
Date: Thu, 1 Jan 2009 10:42:13 -0500
Message-id: <[🔎] ceb0ad00901010742i4cc30f6bu4ac24ef1ef46b892@mail.gmail.com>
In-reply-to: <[🔎] pan.2009.01.01.14.56.52@robots.org.uk>
References: <0812310232100.8102@somehost> <[🔎] pan.2009.01.01.14.56.52@robots.org.uk>

On Thu, Jan 1, 2009 at 9:56 AM, Sam Morris <sam@robots.org.uk> wrote:
> Maybe in a few years, NSS will have disabled the use of MD5 and the
> ancient MD2 algorithm. I wonder how many other insecure algorithms are
> still lurking in NSS, OpenSSL, GNU TLS, Java, etc...

Having programmed with OpenSSL a fair amount, I can say that the
problem isn't that the library has older algorithms in it.  That's
needed for legacy compatibility.  When initializing the library's
engine, or for a specific connection, you specify the acceptable
algorithms, so a particular application can reject MD2 or MD5
entirely.  For the openssl binary, it's a question of how it's
configured at compile- and run-time.  The default at least is to use
SHA-1.  More worrisome is that RSA keys are generated with only
512-bit moduli by default, but that may be a holdover from US export
regulations.

-- 
Michael A. Marsh
http://www.umiacs.umd.edu/~mmarsh
http://mamarsh.blogspot.com
http://36pints.blogspot.com

Reply to:

References:
- Re: "Certification Authorities are recommended to stop using MD5 altogether"
  - From: Sam Morris <sam@robots.org.uk>

Prev by Date: Re: "Certification Authorities are recommended to stop using MD5 altogether"
Next by Date: Re: "Certification Authorities are recommended to stop using MD5 altogether"
Previous by thread: Re: "Certification Authorities are recommended to stop using MD5 altogether"
Next by thread: Re: "Certification Authorities are recommended to stop using MD5 altogether"
Index(es):
- Date
- Thread