Re: Microsoft Warns Customers Away From RC4 and SHA-1

[Tim <tim-security () sentinelchicken org>]

On Wed, Nov 13, 2013 at 11:09:10AM -0500, Eric H. Christensen wrote:
> On Wed, Nov 13, 2013 at 07:57:51AM -0800, Tim wrote:
> > > I'm inclined to agree. The question I suppose is, like DES (and
> > > 3DES/MD5) at what point do we start assigning CVE's for some of this?
> > > thoughts and comments welcome.
> >
> > Using a weak encyption algorithm alone isn't a sufficient condition to
> > issue a CVE against software, since often the context of the usage
> > matters a lot.  If you use MD5 or SHA-1 for password hashing (with
> > lots of salt and rounds), then there's no vulnerability.  If you use
> > them for HMACs, then there's also likely no problem.  But if you use
> > them for a signature with a public key, there is.
>
> It's answers like this that make it difficult for non-security-literate system administrators to make good decisions. 
>  I completely understand and agree with what you wrote but I wonder if we're making it harder for people to 
> understand how to protect themselves.
>
> After having many similar conversations with people that manage systems I find that it's usually easier to say "MD5 
> bad, SHA-256 good" and then just walk away.  Perhaps some sort of chart should be published that allows people to 
> make better decisions?

Oh sure, I totally agree with you.  But sysadmins and programmers
don't make the decisions on when to assign a CVE.  My recommendation
here applies to security people trying to decide whether or not to
call the baby ugly.  Once the CVE is published (with a description of
actual risk) , sysadmins can just apply the patch.

tim