Ubuntu
openssl package

Bug #19835
Comment #5

Comment 5 for bug 19835

Revision history for this message

Debian Bug Importer (debzilla) wrote on 2005-08-17:

Message-ID: <email address hidden>
Date: Wed, 22 Jun 2005 14:20:51 +0200
From: Christoph Martin <email address hidden>
To: <email address hidden>
CC: <email address hidden>
Subject: [Fwd: Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest]

--------------enigAC5FE4DF5083A6A17B776F12
Content-Type: multipart/mixed;
boundary="------------030205020607040602040209"

This is a multi-part message in MIME format.
--------------030205020607040602040209
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Hi folks,

can you please comment on this bug report I got via the Debian
bug-tracking system. This is the first time, that I heard someone saying
that the theoretical weekness of md5 is a real security hole.

Christoph
--
============================================================================
Christoph Martin, EDV der Verwaltung, Uni-Mainz, Germany
Internet-Mail: <email address hidden>
Telefon: +49-6131-3926337
Fax: +49-6131-3922856

--------------030205020607040602040209
Content-Type: message/rfc822; name="Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest"

Return-Path: <email address hidden>
Received: from mailgate1.zdv.Uni-Mainz.DE (mailgate1.zdv.Uni-Mainz.DE [134.93.178.129])
by wintermute.verwaltung.uni-mainz.de (8.12.3/8.12.3/Debian-7.1) with ESMTP id j5GDNEi5009442
for <email address hidden>; Thu, 16 Jun 2005 15:23:14 +0200
Received: from exfront01.zdv.uni-mainz.de (exfront01.zdv.Uni-Mainz.DE [134.93.176.49])
by mailgate1.zdv.Uni-Mainz.DE (Postfix) with ESMTP id 97F81300085F
for <email address hidden>; Thu, 16 Jun 2005 15:23:14 +0200 (CEST)
Received: from spamgate1.zdv.Uni-Mainz.DE ([134.93.177.65]) by exfront01.zdv.uni-mainz.de with
Microsoft SMTPSVC(6.0.3790.211); Thu, 16 Jun 2005 15:23:14 +0200
Received: from mailgate2.zdv.Uni-Mainz.DE (mailgate2.zdv.Uni-Mainz.DE [134.93.178.130])
by spamgate1.zdv.Uni-Mainz.DE (8.12.10/8.12.2) with ESMTP id j5GDN7gQ012238
for <email address hidden>; Thu, 16 Jun 2005 15:23:08 +0200 (MEST)
Received: from spohr.debian.org (spohr.debian.org [140.211.166.43])
by mailgate2.zdv.Uni-Mainz.DE (Postfix) with ESMTP id 6D8833000393
for <email address hidden>; Thu, 16 Jun 2005 15:23:07 +0200 (CEST)
Received: from debbugs by spohr.debian.org with local (Exim 3.35 1 (Debian))
id 1DiuFu-00070o-00; Thu, 16 Jun 2005 06:18:02 -0700
X-Loop: <email address hidden>
Subject: Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest
Reply-To: Andreas Bogk <email address hidden>, <email address hidden>
Resent-From: Andreas Bogk <email address hidden>
Resent-To: <email address hidden>
Resent-CC: Christoph Martin <email address hidden>
Resent-Date: Thu, 16 Jun 2005 13:18:01 UTC
Resent-Message-ID: <email address hidden>
X-Debian-PR-Message: report 314465
X-Debian-PR-Package: openssl
X-Debian-PR-Keywords: security
Received: via spool by <email address hidden> id=B.111892713712913
(code B ref -1); Thu, 16 Jun 2005 13:18:01 UTC
Received: (at submit) by bugs.debian.org; 16 Jun 2005 13:05:37 +0000
Received: from (homer.berlin.jpk.com) [212.222.128.18]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Diu3t-0003Fv-00; Thu, 16 Jun 2005 06:05:37 -0700
Received: from root by homer.berlin.jpk.com with local (Exim 4.50) id 1Diu2n-0007e3-Rn
for <email address hidden>; Thu, 16 Jun 2005 15:04:29 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Andreas Bogk <email address hidden>
To: Debian Bug Tracking System <email address hidden>
X-Mailer: reportbug 6763.8
Date: Thu, 16 Jun 2005 15:04:29 +0200
Message-Id: <email address hidden>
Delivered-To: <email address hidden>
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-2.599 required=5 tests=BAYES_00 version=3.0.3
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-Spam-Level:
Resent-Sender: Debian BTS <email address hidden>
X-Virus-Scanned: by amavisd-new at uni-mainz.de
X-OriginalArrivalTime: 16 Jun 2005 13:23:14.0312 (UTC) FILETIME=[8CC16880:01C57276]
X-Virus-Scanned: by amavisd-new at uni-mainz.de
X-Scanned-By: MIMEDefang 2.51 on 134.93.225.251
X-UID: 6996
X-Keywords: NonJunk

Package: openssl
Version: 0.9.7e-3
Severity: grave
Tags: security
Justification: user security hole

openssl.cnf defaults to usage of MD5 as digest algorithm for generation
of certificates and CAs. MD5 must be considered broken beyond hope,
we're not just talking about theoretical attacks, but attacks feasible
for everybody. X.509 keys with colliding checksums (and thus false
certificates) have been shown. See:

http://www.cits.rub.de/MD5Collisions/

for another example.

Unfortunately, there seem to be problems with RIPEMD160 in practice
(e.g. the Debian Thunderbird package doesn't understand RIPEMD160). So
the only reasonable choice at the moment is SHA-1, even though SHA-1 has
been theoretically weakend already, and RIPEMD160 would be preferable.
I suggest adding

default_md: sha-1

in the req and ca sections of openssl.cnf, and talking the upstream
maintainers into supporting SHA-384 or SHA-512.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages openssl depends on:
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libssl0.9.7 0.9.7e-3 SSL shared libraries

-- no debconf information

--------------030205020607040602040209--

--------------enigAC5FE4DF5083A6A17B776F12
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCuVepgeVih7XOVJcRAlV9AJ9ohMryrdoavtk/DXFpShpajSScyQCeJz5d
QVGiZ35XqEjb/nirqixIv+A=
=m1aX
-----END PGP SIGNATURE-----

--------------enigAC5FE4DF5083A6A17B776F12--

Message-ID: <42B957A3.1000008@uni-mainz.de>
Date: Wed, 22 Jun 2005 14:20:51 +0200
From: Christoph Martin <martin@uni-mainz.de>
To: openssl-bugs@openssl.org
CC: 314465-forwarded@bugs.debian.org
Subject: [Fwd: Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest]

--------------enigAC5FE4DF5083A6A17B776F12
Content-Type: multipart/mixed;
 boundary="------------030205020607040602040209"

This is a multi-part message in MIME format.
--------------030205020607040602040209
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Hi folks,

can you please comment on this bug report I got via the Debian
bug-tracking system. This is the first time, that I heard someone saying
that the theoretical weekness of md5 is a real security hole.

Christoph
-- 
============================================================================
Christoph Martin, EDV der Verwaltung, Uni-Mainz, Germany
 Internet-Mail:  Christoph.Martin@Uni-Mainz.DE
  Telefon: +49-6131-3926337
      Fax: +49-6131-3922856

--------------030205020607040602040209
Content-Type: message/rfc822; name="Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
	filename="Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest"

Return-Path: <debbugs@bugs.debian.org>
Received: from mailgate1.zdv.Uni-Mainz.DE (mailgate1.zdv.Uni-Mainz.DE [134.93.178.129])
	by wintermute.verwaltung.uni-mainz.de (8.12.3/8.12.3/Debian-7.1) with ESMTP id j5GDNEi5009442
	for <martin@wintermute.verwaltung.uni-mainz.de>; Thu, 16 Jun 2005 15:23:14 +0200
Received: from exfront01.zdv.uni-mainz.de (exfront01.zdv.Uni-Mainz.DE [134.93.176.49])
	by mailgate1.zdv.Uni-Mainz.DE (Postfix) with ESMTP id 97F81300085F
	for <martin@wintermute.verwaltung.uni-mainz.de>; Thu, 16 Jun 2005 15:23:14 +0200 (CEST)
Received: from spamgate1.zdv.Uni-Mainz.DE ([134.93.177.65]) by exfront01.zdv.uni-mainz.de with
	Microsoft SMTPSVC(6.0.3790.211); Thu, 16 Jun 2005 15:23:14 +0200
Received: from mailgate2.zdv.Uni-Mainz.DE (mailgate2.zdv.Uni-Mainz.DE [134.93.178.130])
	by spamgate1.zdv.Uni-Mainz.DE (8.12.10/8.12.2) with ESMTP id j5GDN7gQ012238
	for <christoph.martin@uni-mainz.de>; Thu, 16 Jun 2005 15:23:08 +0200 (MEST)
Received: from spohr.debian.org (spohr.debian.org [140.211.166.43])
	by mailgate2.zdv.Uni-Mainz.DE (Postfix) with ESMTP id 6D8833000393
	for <christoph.martin@uni-mainz.de>; Thu, 16 Jun 2005 15:23:07 +0200 (CEST)
Received: from debbugs by spohr.debian.org with local (Exim 3.35 1 (Debian))
	id 1DiuFu-00070o-00; Thu, 16 Jun 2005 06:18:02 -0700
X-Loop: owner@bugs.debian.org
Subject: Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest
Reply-To: Andreas Bogk <andreas@andreas.org>, 314465@bugs.debian.org
Resent-From: Andreas Bogk <andreas@andreas.org>
Resent-To: debian-bugs-dist@lists.debian.org
Resent-CC: Christoph Martin <christoph.martin@uni-mainz.de>
Resent-Date: Thu, 16 Jun 2005 13:18:01 UTC
Resent-Message-ID: <handler.314465.B.111892713712913@bugs.debian.org>
X-Debian-PR-Message: report 314465
X-Debian-PR-Package: openssl
X-Debian-PR-Keywords: security
Received: via spool by submit@bugs.debian.org id=B.111892713712913
	(code B ref -1); Thu, 16 Jun 2005 13:18:01 UTC
Received: (at submit) by bugs.debian.org; 16 Jun 2005 13:05:37 +0000
Received: from (homer.berlin.jpk.com) [212.222.128.18] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Diu3t-0003Fv-00; Thu, 16 Jun 2005 06:05:37 -0700
Received: from root by homer.berlin.jpk.com with local (Exim 4.50) id 1Diu2n-0007e3-Rn
	for submit@bugs.debian.org; Thu, 16 Jun 2005 15:04:29 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Andreas Bogk <andreas@andreas.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
X-Mailer: reportbug 6763.8
Date: Thu, 16 Jun 2005 15:04:29 +0200
Message-Id: <E1Diu2n-0007e3-Rn@homer.berlin.jpk.com>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-2.599 required=5 tests=BAYES_00 version=3.0.3
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 
X-Spam-Level: 
Resent-Sender: Debian BTS <debbugs@bugs.debian.org>
X-Virus-Scanned: by amavisd-new at uni-mainz.de
X-OriginalArrivalTime: 16 Jun 2005 13:23:14.0312 (UTC) FILETIME=[8CC16880:01C57276]
X-Virus-Scanned: by amavisd-new at uni-mainz.de
X-Scanned-By: MIMEDefang 2.51 on 134.93.225.251
X-UID: 6996
X-Keywords: NonJunk

Package: openssl
Version: 0.9.7e-3
Severity: grave
Tags: security
Justification: user security hole

openssl.cnf defaults to usage of MD5 as digest algorithm for generation
of certificates and CAs.  MD5 must be considered broken beyond hope,
we're not just talking about theoretical attacks, but attacks feasible
for everybody. X.509 keys with colliding checksums (and thus false
certificates) have been shown. See:

http://www.cits.rub.de/MD5Collisions/

for another example.

Unfortunately, there seem to be problems with RIPEMD160 in practice
(e.g. the Debian Thunderbird package doesn't understand RIPEMD160).  So
the only reasonable choice at the moment is SHA-1, even though SHA-1 has
been theoretically weakend already, and RIPEMD160 would be preferable.  
I suggest adding

default_md: sha-1

in the req and ca sections of openssl.cnf, and talking the upstream
maintainers into supporting SHA-384 or SHA-512.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages openssl depends on:
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libssl0.9.7                 0.9.7e-3     SSL shared libraries

-- no debconf information

--------------030205020607040602040209--

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCuVepgeVih7XOVJcRAlV9AJ9ohMryrdoavtk/DXFpShpajSScyQCeJz5d
QVGiZ35XqEjb/nirqixIv+A=
=m1aX
-----END PGP SIGNATURE-----

--------------enigAC5FE4DF5083A6A17B776F12--

Ubuntuopenssl package

Comment 5 for bug 19835

Ubuntu
openssl package