On Tue, Nov 02, 2021 at 03:47:52PM +0100, Justus Winter wrote:
> My point is the following. If RPM relies on policies enforced by the
> underlying crypto libraries, such as FIPS, and there is no additional
> mechanism in RPM, then RPM is unfortunately not following best practices
> when it comes to sunsetting insecure hash algorithms.
Yes, sure. That's why I proposed to add a macro that defines the allowed algorithms.

The attack vector is that someone takes the signature from an old rpm signed with the SUSE key and SHA1 and puts it on some carefully crafted new rpm that happens to hash to the same value, i.e. a preimage attack on the hash.

Cheers,
Michael.

-- 
Michael Schroeder SUSE Software Solutions Germany GmbH m...@suse.de
GF: Felix Imendoerffer HRB 36809, AG Nuernberg
main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);}

_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
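An added example, not code from this thread or from RPM itself, of the kind of application-level check that an "allowed algorithms" macro like the one proposed above would back. It reads the hash-algorithm field out of an OpenPGP signature packet header (the RFC 4880 v3/v4 layouts and algorithm IDs are real) and rejects any algorithm outside an allowlist before the signature is handed to a crypto library at all, so the sunsetting decision does not depend on whether the library's FIPS policy happens to refuse SHA1. The allowlist contents, the macro it stands in for, and the sample packets are assumptions constructed for the example.

```python
import hashlib

# OpenPGP hash-algorithm IDs (RFC 4880, section 9.4) mapped to hashlib names.
OPENPGP_HASH_ALGS = {
    1: "md5", 2: "sha1", 8: "sha256", 9: "sha384", 10: "sha512", 11: "sha224",
}

# Application-level allowlist, standing in for the RPM macro proposed in the
# thread (its real name and syntax are not given there; this set is an
# assumption). The policy lives in the application, not in the crypto library.
ALLOWED_HASH_ALGS = frozenset({"sha224", "sha256", "sha384", "sha512"})


def signature_packet_body(packet: bytes) -> bytes:
    """Strip the packet header from a single OpenPGP signature packet (tag 2).

    Handles old-format (1/2/4-octet) and new-format (1/2/5-octet) lengths;
    partial-body and indeterminate lengths are rejected as unsupported.
    """
    if not packet or not packet[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    first = packet[0]
    if first & 0x40:                      # new-format header
        tag = first & 0x3F
        l0 = packet[1]
        if l0 < 192:
            length, off = l0, 2
        elif l0 < 224:
            length, off = ((l0 - 192) << 8) + packet[2] + 192, 3
        elif l0 == 255:
            length, off = int.from_bytes(packet[2:6], "big"), 6
        else:
            raise ValueError("partial body lengths are not supported")
    else:                                 # old-format header
        tag = (first >> 2) & 0x0F
        ltype = first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not supported")
        nlen = (1, 2, 4)[ltype]
        length, off = int.from_bytes(packet[1:1 + nlen], "big"), 1 + nlen
    if tag != 2:
        raise ValueError(f"expected signature packet (tag 2), got tag {tag}")
    body = packet[off:off + length]
    if len(body) != length:
        raise ValueError("truncated signature packet")
    return body


def signature_hash_alg(packet: bytes) -> int:
    """Return the hash-algorithm ID declared in a v3 or v4 signature packet."""
    body = signature_packet_body(packet)
    version = body[0]
    if version == 4:
        # v4: version, sig type, public-key alg, hash alg, ...
        return body[3]
    if version == 3:
        # v3: version, hashed-material length (5), sig type, 4-octet time,
        #     8-octet key id, public-key alg, hash alg, ...
        if body[1] != 5:
            raise ValueError("malformed v3 signature packet")
        return body[16]
    raise ValueError(f"unsupported signature version {version}")


def check_signature_policy(packet: bytes, allowed=ALLOWED_HASH_ALGS):
    """Decide, before any cryptographic verification, whether a signature's
    declared hash algorithm is acceptable. Returns (accepted, name, reason)."""
    alg_id = signature_hash_alg(packet)
    name = OPENPGP_HASH_ALGS.get(alg_id)
    if name is None:
        return False, None, f"unknown hash algorithm id {alg_id}"
    if name not in allowed:
        return False, name, f"{name} is not in the allowed-algorithm policy"
    return True, name, "ok"


def policy_digest(packet: bytes, data: bytes) -> str:
    """Hash `data` with the signature's declared algorithm, but only after the
    policy check passed; a rejected algorithm never reaches hashlib."""
    accepted, name, reason = check_signature_policy(packet)
    if not accepted:
        raise ValueError(reason)
    return hashlib.new(name, data).hexdigest()


# Constructed sample packets (header fields only; the trailing zero bytes stand
# in for empty subpacket areas and are not real signature material).
SIG_V4_RSA_SHA1 = bytes([0x88, 8, 4, 0, 1, 2, 0, 0, 0, 0])
SIG_V4_RSA_SHA256 = bytes([0xC2, 8, 4, 0, 1, 8, 0, 0, 0, 0])
SIG_V3_RSA_SHA1 = bytes([0x88, 17, 3, 5, 0]) + bytes(4) + bytes(8) + bytes([1, 2])

if __name__ == "__main__":
    for label, pkt in [("v4/sha1", SIG_V4_RSA_SHA1),
                       ("v4/sha256", SIG_V4_RSA_SHA256),
                       ("v3/sha1", SIG_V3_RSA_SHA1)]:
        print(label, check_signature_policy(pkt))
```

The check deliberately runs on the declared algorithm field alone, so an old SHA1-signed signature transplanted onto a new package is refused on policy grounds regardless of whether its hash would happen to match; the allowlist is the single place to tighten when another algorithm is retired.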