Date: Wed, 13 Mar 2013 08:45:17 -0400 From: "Mike O'Connor" <mjo@...o.mi.org> To: oss-security@...ts.openwall.com Subject: Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) steve:The fundamental problem is in the MD5 algorithm itself; any steve:implementation of MD5 will suffer from the same problems. We have steve:multiple CVE identifiers for the various weaknesses of MD5. Any steve:product that uses MD5 is therefore subject to these weaknesses. Multiple? I did a quick search of MD5 from thE CVE database: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=md5 and found only one that *didn't* look tied to a particular implementation. Having said that... tim:I think if an application relies on a cryptographic primitive for a tim:property that it does not provide, or that it is KNOWN to be broken tim:for (such as MD5 or SHA1 with collision resistance), then there should tim:be a CVE assigned. The cat's out of the bag on these things; there'st tim:no excuse to use MD5 for this purpose. The world knows these hashes ...the one CVE I found involving one of the "various weaknesses of MD5" DID involve MD5 collision resistance: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2761 However, the associated text might be misleading -- caps are mine: The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for CONTEXT-DEPENDANT attackers to conduct spoofing attacks, AS DEMONSTRATED BY ATTACKS ON THE USE OF MD5 IN THE SIGNATURE ALGORITHM OF AN X.509 CERTIFICATE. While a careful reading of the text may lead one to conclude "X.509 is just one example of MD5 b0rked-ness", someone who implements MD5 in a non-X.509 cert context might easily gloss over this one. Might it make sense to highlight some of these "fundamental" CVEs that a diverse range of apps might be prone to? Just thinking out loud here... -Mike -- Michael J. O'Connor mjo@...o.mi.org =--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--= "Make it so they have to reboot after every typo." -the Pointy-Haired One Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.