Hi folks,
can you please comment on this bug report I got via the Debian
bug-tracking system. This is the first time that I heard someone saying
that the theoretical weakness of md5 is a real security hole.
Christoph
--
============================================================================
Christoph Martin, EDV der Verwaltung, Uni-Mainz, Germany
Internet-Mail: <email address hidden>
Telefon: +49-6131-3926337
Fax: +49-6131-3922856
Subject: Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest
Reply-To: Andreas Bogk <email address hidden>, <email address hidden>
From: Andreas Bogk <email address hidden>
To: Debian Bug Tracking System <email address hidden>
X-Mailer: reportbug 6763.8
Date: Thu, 16 Jun 2005 15:04:29 +0200
Message-ID: <email address hidden>
Date: Wed, 22 Jun 2005 14:20:51 +0200
From: Christoph Martin <email address hidden>
To: <email address hidden>
CC: <email address hidden>
Subject: [Fwd: Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest]
Package: openssl
Version: 0.9.7e-3
Severity: grave
Tags: security
Justification: user security hole
openssl.cnf defaults to usage of MD5 as digest algorithm for generation
of certificates and CAs. MD5 must be considered broken beyond hope,
we're not just talking about theoretical attacks, but attacks feasible
for everybody. X.509 keys with colliding checksums (and thus false
certificates) have been shown. See:
http://www.cits.rub.de/MD5Collisions/
for another example.
Unfortunately, there seem to be problems with RIPEMD160 in practice
(e.g. the Debian Thunderbird package doesn't understand RIPEMD160). So
the only reasonable choice at the moment is SHA-1, even though SHA-1 has
been theoretically weakened already, and RIPEMD160 would be preferable.
I suggest adding
default_md: sha-1
in the req and ca sections of openssl.cnf, and talking the upstream
maintainers into supporting SHA-384 or SHA-512.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Versions of packages openssl depends on:
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libssl0.9.7 0.9.7e-3 SSL shared libraries
-- no debconf information
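
Added example (not part of the bug report or of the openssl package): a small Python audit that reads openssl.cnf-style text and reports the default_md in effect for the req section and for the CA section named by default_ca, flagging MD5 as broken and SHA-1 as weakened, as the report describes. The sample configuration, the verdict labels and the function names are constructed for illustration.

```python
import re
# Verdicts follow the report: MD5 (and older MDx) broken, SHA-1 weakened.
VERDICTS = {"md2": "broken", "md4": "broken", "md5": "broken", "sha1": "weakened"}

def parse_cnf(text):
    """Parse openssl.cnf-style text into {section: {key: value}}."""
    sections, current = {}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments and padding
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            sections.setdefault(current, {})[key.strip()] = value.strip()
    return sections

def audit_default_md(text):
    """Return {section: (digest, verdict)} for req and the effective CA section."""
    cnf = parse_cnf(text)
    # [ ca ] usually points at the real CA section through default_ca.
    ca_section = cnf.get("ca", {}).get("default_ca", "ca")
    report = {}
    for name in ("req", ca_section):
        digest = cnf.get(name, {}).get("default_md")
        if digest is None:
            verdict = "unset"                    # no default_md in this section
        else:
            verdict = VERDICTS.get(digest.lower().replace("-", ""), "not flagged")
        report[name] = (digest, verdict)
    return report

# Constructed sample input, not the Debian package's actual openssl.cnf.
SAMPLE = """
[ ca ]
default_ca = CA_default    # section read by the ca command
[ CA_default ]
default_md = md5
[ req ]
default_bits = 1024
"""

if __name__ == "__main__":
    for section, (digest, verdict) in audit_default_md(SAMPLE).items():
        print(f"[{section}] default_md={digest!r}: {verdict}")
```

A section reported as "unset" deserves the same attention as one flagged "broken", since the digest then comes from whatever the installed tool falls back to.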