oss-sec mailing list archives
Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification)
From: "Mike O'Connor" <mjo () dojo mi org>
Date: Wed, 13 Mar 2013 08:45:17 -0400
steve:The fundamental problem is in the MD5 algorithm itself; any steve:implementation of MD5 will suffer from the same problems. We have steve:multiple CVE identifiers for the various weaknesses of MD5. Any steve:product that uses MD5 is therefore subject to these weaknesses. Multiple? I did a quick search of MD5 from thE CVE database: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=md5 and found only one that *didn't* look tied to a particular implementation. Having said that... tim:I think if an application relies on a cryptographic primitive for a tim:property that it does not provide, or that it is KNOWN to be broken tim:for (such as MD5 or SHA1 with collision resistance), then there should tim:be a CVE assigned. The cat's out of the bag on these things; there'st tim:no excuse to use MD5 for this purpose. The world knows these hashes ...the one CVE I found involving one of the "various weaknesses of MD5" DID involve MD5 collision resistance: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2761 However, the associated text might be misleading -- caps are mine: The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for CONTEXT-DEPENDANT attackers to conduct spoofing attacks, AS DEMONSTRATED BY ATTACKS ON THE USE OF MD5 IN THE SIGNATURE ALGORITHM OF AN X.509 CERTIFICATE. While a careful reading of the text may lead one to conclude "X.509 is just one example of MD5 b0rked-ness", someone who implements MD5 in a non-X.509 cert context might easily gloss over this one. Might it make sense to highlight some of these "fundamental" CVEs that a diverse range of apps might be prone to? Just thinking out loud here... -Mike -- Michael J. O'Connor mjo () dojo mi org =--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--= "Make it so they have to reboot after every typo." -the Pointy-Haired One
Attachment:
_bin
Description:
Current thread:
- CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Christey, Steven M. (Mar 12)
- Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Tim (Mar 12)
- Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Mike O'Connor (Mar 13)
- Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Kurt Seifried (Mar 13)
- Re: CVE assignments for "weak" crypto (was CVE Request: MD5 used for Download verification) Tim (Mar 12)