Comment 11 for bug 19835

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Wed, 14 Sep 2005 10:13:50 +0200
From: Christoph Martin <email address hidden>
To: Andreas Bogk <email address hidden>, <email address hidden>
CC: <email address hidden>
Subject: Re: Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest

severity 314465 important
quit

Version 0.9.8 will fix this bug. The default will be SHA1 and SHA-256
etc. will be included.

I downgrade the severity temporarily to important to allow Version 0.9.7
to enter testing before I upload the new upstream 0.9.8.

Christoph

Andreas Bogk wrote:
> Package: openssl
> Version: 0.9.7e-3
> Severity: grave
> Tags: security
> Justification: user security hole
>
>
> openssl.cnf defaults to usage of MD5 as digest algorithm for generation
> of certificates and CAs. MD5 must be considered broken beyond hope,
> we're not just talking about theoretical attacks, but attacks feasible
> for everybody. X.509 keys with colliding checksums (and thus false
> certificates) have been shown. See:
>
> http://www.cits.rub.de/MD5Collisions/
>
> for another example.
>
> Unfortunately, there seem to be problems with RIPEMD160 in practice
> (e.g. the Debian Thunderbird package doesn't understand RIPEMD160). So
> the only reasonable choice at the moment is SHA-1, even though SHA-1 has
> been theoretically weakened already, and RIPEMD160 would be preferable.
> I suggest adding
>
> default_md: sha-1
>
> in the req and ca sections of openssl.cnf, and talking the upstream
> maintainers into supporting SHA-384 or SHA-512.
>
> -- System Information:
> Debian Release: 3.1
> Architecture: i386 (i686)
> Kernel: Linux 2.6.8-2-686
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
>
> Versions of packages openssl depends on:
> ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
> ii libssl0.9.7 0.9.7e-3 SSL shared libraries
>
> -- no debconf information

--
============================================================================
Christoph Martin, Head of IT for the Administration, Uni-Mainz, Germany
 Internet-Mail: <email address hidden>
  Telephone: +49-6131-3926337
      Fax: +49-6131-3922856

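An added example, not part of the messages above and not code from the openssl package: one way to check the `default_md` setting in the req and ca sections that the report is about. The sample configuration is constructed, and the `WEAK` set and the finding labels are assumptions of this example.

```python
import re

WEAK = {"md2", "md4", "md5"}  # digests treated as weak in this example (assumption)

# Constructed sample in openssl.cnf syntax, not copied from any package.
SAMPLE = """\
[ ca ]
default_ca = CA_default   # section that holds the CA settings

[ CA_default ]
dir        = ./demoCA
default_md = md5          # digest used when signing certificates

[ req ]
default_bits = 1024
"""

def parse_sections(text):
    """Return {section: {key: value}} for '[ name ]' and 'key = value' lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        m = re.fullmatch(r"\[\s*([^\]\s]+)\s*\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit_default_md(text):
    """Return {section: finding} for [req] and the CA section named by default_ca."""
    sections = parse_sections(text)
    ca_name = sections.get("ca", {}).get("default_ca", "ca")
    findings = {}
    for name in ("req", ca_name):
        md = sections.get(name, {}).get("default_md")
        if md is None:
            findings[name] = "unset"  # the tool's built-in default applies
        elif md.lower().replace("-", "") in WEAK:
            findings[name] = "weak:" + md
        else:
            findings[name] = "ok:" + md
    return findings

if __name__ == "__main__":
    for section, finding in audit_default_md(SAMPLE).items():
        print(f"[{section}] default_md -> {finding}")
```

An "unset" finding matters as much as a "weak" one here, because the digest then depends on whatever the installed version defaults to.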