On 2009-01-07 at 11:05 -0800, Phil Pennock wrote:
> The new hole above looks as though it's useful for a direct
> man-in-the-middle, but for as long as you accept certificates where a
> path in the trust chain uses MD5 signatures you're also up a dark creek
> without a paddle. Expecting users to start checking the hash algorithms
> for bank sites, etc, is a definite non-starter. Until the NIST
> competition yields a new standard hash algorithm it looks as though
> we're using the less-broken SHA1 for certs.
Sorry to follow up to myself, but before pedants start pointing it out: yes, I know we have the SHA2 family of hash functions, such as SHA-256/SHA-512, but in practice AIUI they're not widely supported in older browsers, so a CA which wants to issue widely usable certs has a choice of MD5 or SHA1. My understanding from following what cryptographers write is that the SHA2 stuff is better than SHA1 but has some of the same theoretical basis, so there is cause for concern and the current NIST competition could ideally have started sooner.

So when checking your certs and replacing MD5 certs, and when checking your code, keep good notes and treat this as a practice run. In the next couple of years, you're likely to need to repeat this at least once, possibly twice (MD5->SHA1->SHA-512->new_SHA3_algorithm).

I'm trying to find authoritative sources on which hash algorithms are supported by which browsers, hoping to skip a step and go MD5->SHA-512 or the like; if anyone wants to see the candidates, they're in RFCs 3279 and 4055. 3279 gives us MD2, MD5 and SHA1. 4055 pulls in the PKCS#1 updates (RFC 3447) and allocates the codes for SHA-224, SHA-256, SHA-384 and SHA-512. That happened in 2005.

If anyone has pointers to decent information on what is supported by the crypto used in various browsers, that would be appreciated. :)

Thanks,
-Phil

_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
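A check for the "checking your certs" step above, added here as an example and not part of Phil's post or any project's code: it reads the outer signatureAlgorithm OID of a DER-encoded certificate with a minimal hand-written DER walker (an assumption of the example, not a library the post names) and flags MD2/MD5/SHA-1 using the RSA signature OIDs from RFC 3279 and RFC 4055. The two sample certificates are constructed dummies with a realistic outer layout, not real certificates.

```python
# Assumed minimal DER walker (not from the post) for Certificate ::= SEQUENCE { tbs, sigAlg, sigValue }.
SIG_OIDS = {  # RSA signature OIDs from RFC 3279 (MD2/MD5/SHA-1) and RFC 4055 (SHA-2 family)
    "1.2.840.113549.1.1.2": ("md2WithRSAEncryption", "MD2"),
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", "MD5"),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "SHA-1"),
    "1.2.840.113549.1.1.14": ("sha224WithRSAEncryption", "SHA-224"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "SHA-256"),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", "SHA-384"),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", "SHA-512"),
}

def der_read(buf, pos=0):
    """Read one TLV at pos; return (tag, content, position after it). Definite lengths only."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits say how many following bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(content):  # OBJECT IDENTIFIER content octets (base-128 arcs) -> dotted form
    arcs, acc = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def signature_hash(cert_der):
    """Return (oid, algorithm name, hash name) from the certificate's outer signatureAlgorithm."""
    tag, cert, _ = der_read(cert_der)
    _, _, pos = der_read(cert)             # skip tbsCertificate; not inspected here
    tag_alg, alg, _ = der_read(cert, pos)  # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    tag_oid, oid_bytes, _ = der_read(alg)
    assert tag == tag_alg == 0x30 and tag_oid == 0x06, "not a Certificate layout"
    oid = decode_oid(oid_bytes)
    return (oid,) + SIG_OIDS.get(oid, ("unknown", "unknown"))

def needs_replacing(cert_der):  # flags MD2/MD5/SHA-1 and any OID we do not recognise
    return signature_hash(cert_der)[2] not in {"SHA-224", "SHA-256", "SHA-384", "SHA-512"}

def fake_cert(sig_oid_hex):
    """Constructed stand-in, not a real cert: >127-byte dummy tbs (long-form length), real AlgorithmIdentifier, dummy BIT STRING."""
    tbs = b"\x30\x81\x80" + b"\x02\x01\x02" + b"\x05\x00" * 61 + b"\x02\x01\x00"
    alg = b"\x30\x0d\x06\x09" + bytes.fromhex(sig_oid_hex) + b"\x05\x00"
    body = tbs + alg + b"\x03\x02\x00\xff"
    return b"\x30\x81" + bytes([len(body)]) + body

MD5_CERT = fake_cert("2a864886f70d010104")     # md5WithRSAEncryption
SHA256_CERT = fake_cert("2a864886f70d01010b")  # sha256WithRSAEncryption
```

Run `signature_hash` over each DER file in a chain (server, intermediates, root) and anything that `needs_replacing` is a candidate for the MD5 cleanup the post describes.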
