Comment 10 for bug 19835

In , Christoph Martin (martin-uni-mainz) wrote : Re: Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest

severity 314465 important
quit

Version 0.9.8 will fix this bug. The default will be SHA1 and SHA-256
etc. will be included.

I downgrade the severity temporarily to important to allow Version 0.9.7
to enter testing before I upload the new upstream 0.9.8.

Christoph

Andreas Bogk wrote:
> Package: openssl
> Version: 0.9.7e-3
> Severity: grave
> Tags: security
> Justification: user security hole
>
>
> openssl.cnf defaults to usage of MD5 as digest algorithm for generation
> of certificates and CAs. MD5 must be considered broken beyond hope,
> we're not just talking about theoretical attacks, but attacks feasible
> for everybody. X.509 keys with colliding checksums (and thus false
> certificates) have been shown. See:
>
> http://www.cits.rub.de/MD5Collisions/
>
> for another example.
>
> Unfortunately, there seem to be problems with RIPEMD160 in practice
> (e.g. the Debian Thunderbird package doesn't understand RIPEMD160). So
> the only reasonable choice at the moment is SHA-1, even though SHA-1 has
> been theoretically weakened already, and RIPEMD160 would be preferable.
> I suggest adding
>
> default_md: sha-1
>
> in the req and ca sections of openssl.cnf, and talking the upstream
> maintainers into supporting SHA-384 or SHA-512.
>
> -- System Information:
> Debian Release: 3.1
> Architecture: i386 (i686)
> Kernel: Linux 2.6.8-2-686
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
>
> Versions of packages openssl depends on:
> ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
> ii libssl0.9.7 0.9.7e-3 SSL shared libraries
>
> -- no debconf information

--
============================================================================
Christoph Martin, Head of IT for the Administration, Uni-Mainz, Germany
 Internet-Mail: <email address hidden>
    Phone: +49-6131-3926337
      Fax: +49-6131-3922856
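
Added example, not part of the original messages and not OpenSSL or Debian code: a small audit that reads openssl.cnf-style text and reports which digest the req section and the active CA section would use, flagging the MD5 default discussed in this report. The sample configuration is constructed, and treating an unset default_md as a finding is an assumption, since the fallback digest then depends on the OpenSSL build.

```python
import re

BROKEN = {"md2", "md4", "md5"}   # collision attacks are practical
WEAKENED = {"sha1"}              # what the report calls theoretically weakened

# Constructed sample modelled on the layout of a stock openssl.cnf.
SAMPLE_CNF = """\
[ ca ]
default_ca = CA_default      # names the section that holds the CA settings

[ CA_default ]
default_md = md5             # digest used when signing certificates

[ req ]
default_bits = 1024
"""

def parse_cnf(text):
    """Return {section: {key: value}} for OpenSSL-style config text."""
    sections, current = {}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections.setdefault(current, {})[key] = value
    return sections

def audit_default_md(text):
    """Classify the digest configured for 'req' and for the active CA section."""
    cfg = parse_cnf(text)
    # The ca section normally points at another section via default_ca.
    ca_section = cfg.get("ca", {}).get("default_ca", "ca")
    report = {}
    for name in ("req", ca_section):
        digest = cfg.get(name, {}).get("default_md")
        if digest is None:
            report[name] = "unset"   # assumption: reported, fallback is build-dependent
        else:
            norm = digest.lower().replace("-", "")
            status = "broken" if norm in BROKEN else "weakened" if norm in WEAKENED else "ok"
            report[name] = f"{status}:{norm}"
    return report

if __name__ == "__main__":
    for section, status in audit_default_md(SAMPLE_CNF).items():
        print(f"[{section}] default_md -> {status}")
```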