On Fri, 2021-10-15 at 10:33 -0500, Michael Catanzaro wrote: > On Fri, Oct 15 2021 at 10:10:38 AM +0200, Björn Persson > <bj...@xn--rombobjrn-67a.se> wrote: > > My question is: Is it true that this usage of SHA-1 makes the TLS > > session weak, so that it's correct to forbid it in the crypto policy? > > Hm, I think Fedora's crypto policy should not be stricter than upstream > Firefox. This should probably be allowed. > > Enterprise distros are intentionally trying to be stricter and > completely remove SHA-1, but Fedora is not an enterprise distro and > breaking websites that work fine everywhere else is not OK for Fedora. > > > Or could it be that Qualys is right? Perhaps SHA-1 is fine for this > > use > > case, even though it's too weak for other use cases, and the crypto > > policy should allow it? > > SHA-1 is blocked in certificate signatures because those can be > attacked offline. Signatures in the TLS handshake are entirely > different. I'm hardly an expert, but I think the attacker only has a > few seconds to generate a hash collision before the user gives up and > closes the browser tab. Spending several months trying to find a > collision is not an option here. Am I wrong?
Session keys are important not just for MiTM attacks, but also for store and decrypt attacks. TLS connections often channel a host of important private information that can be quite valuable even weeks or years after they are transmitted, including credentials. A weak session key will allow store and later decryption of communications, therefore retrieval of sensitive data. HTH, Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
