CA.pl and openssl.cnf default to insecure MD5 digest
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openssl (Debian) | Fix Released | Unknown | | |
openssl (Ubuntu) | Fix Released | High | Martin Pitt | |
Bug Description
Automatically imported from Debian bug report #314465 http://
In Debian Bug tracker #314465, Christoph Martin (martin-uni-mainz) wrote : [Fwd: Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest] | #1 |
In Debian Bug tracker #314465, Christoph Martin (martin-uni-mainz) wrote : [Fwd: [openssl.org #1128] [Fwd: Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest]] | #2 |
--
=======
Christoph Martin, EDV der Verwaltung, Uni-Mainz, Germany
Internet-Mail: <email address hidden>
Telefon: +49-6131-3926337
Fax: +49-6131-3922856
The default digest in 0.9.8 and the cvs head is SHA-1
(we didn't change 0.9.7 as we didn't want to break existing
implementations depending on the default digest being MD5).
About SHA-256 etc. : they are included in the soon to
appear 0.9.8.
Cheers,
Nils
Debian Bug Importer (debzilla) wrote : | #3 |
Automatically imported from Debian bug report #314465 http://
Debian Bug Importer (debzilla) wrote : | #4 |
Message-Id: <email address hidden>
Date: Thu, 16 Jun 2005 15:04:29 +0200
From: Andreas Bogk <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: CA.pl and openssl.cnf default to insecure MD5 digest
Package: openssl
Version: 0.9.7e-3
Severity: grave
Tags: security
Justification: user security hole
openssl.cnf defaults to usage of MD5 as digest algorithm for generation
of certificates and CAs. MD5 must be considered broken beyond hope,
we're not just talking about theoretical attacks, but attacks feasible
for everybody. X.509 keys with colliding checksums (and thus false
certificates) have been shown. See:
http://www.cits.rub.de/MD5Collisions/
for another example.
Unfortunately, there seem to be problems with RIPEMD160 in practice
(e.g. the Debian Thunderbird package doesn't understand RIPEMD160). So
the only reasonable choice at the moment is SHA-1, even though SHA-1 has
been theoretically weakened already, and RIPEMD160 would be preferable.
I suggest adding
default_md: sha-1
in the req and ca sections of openssl.cnf, and talking the upstream
maintainers into supporting SHA-384 or SHA-512.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=
Versions of packages openssl depends on:
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libssl0.9.7 0.9.7e-3 SSL shared libraries
-- no debconf information
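An added example (not part of the bug report or of the openssl package): a small Python check that reads an openssl.cnf and reports the `default_md` in effect for `[ req ]` and for the CA section that `[ ca ]` selects through `default_ca`. The sample configuration is constructed, the parser is simplified, and the function names are hypothetical; in the file itself settings are written as `name = value`, for example `default_md = sha1`.

```python
import re

# Digest names treated as weak. The report above concerns MD5; the thread
# settled on SHA-1, so add entries here for a stricter policy.
WEAK_DIGESTS = {"md5"}

# Constructed sample in the layout of an openssl.cnf (not copied from any package).
SAMPLE_WEAK = """\
[ ca ]
default_ca = CA_default        # "openssl ca" reads its settings from this section

[ CA_default ]
dir        = ./demoCA
default_md = md5               # digest used when the CA signs a certificate

[ req ]
default_bits       = 1024
distinguished_name = req_dn    # no default_md here: the build's default applies
"""

# The same file after the change described in the thread (SHA-1 for CA and req).
SAMPLE_FIXED = SAMPLE_WEAK.replace("= md5", "= sha1").replace(
    "[ req ]\n", "[ req ]\ndefault_md = sha1\n")


def parse_cnf(text):
    """Parse 'name = value' lines into {section: {name: value}}.

    Simplified: no $variable expansion, quoting or line continuation.
    """
    sections, current = {}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
            continue
        name, sep, value = line.partition("=")
        if sep:
            sections.setdefault(current, {})[name.strip()] = value.strip()
    return sections


def audit_default_md(text):
    """Return {section: (digest, verdict)} for req and the active CA section."""
    cnf = parse_cnf(text)
    targets = ["req"]
    ca_section = cnf.get("ca", {}).get("default_ca")  # [ ca ] only names the real section
    if ca_section:
        targets.append(ca_section)
    report = {}
    for name in targets:
        digest = cnf.get(name, {}).get("default_md")
        if digest is None:
            verdict = "unset"   # compiled-in default: MD5 in 0.9.7, SHA-1 in 0.9.8 per the thread
        elif digest.lower() in WEAK_DIGESTS:
            verdict = "weak"
        else:
            verdict = "ok"
        report[name] = (digest, verdict)
    return report


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_WEAK), ("after", SAMPLE_FIXED)):
        for section, (digest, verdict) in audit_default_md(text).items():
            print(f"{label}: [{section}] default_md={digest} -> {verdict}")
```

An "unset" verdict matters as much as "weak": with no `default_md` in the section, the digest is whatever the installed OpenSSL build defaults to.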
Debian Bug Importer (debzilla) wrote : | #5 |
Message-ID: <email address hidden>
Date: Wed, 22 Jun 2005 14:20:51 +0200
From: Christoph Martin <email address hidden>
To: <email address hidden>
CC: <email address hidden>
Subject: [Fwd: Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest]
Hi folks,
can you please comment on this bug report I got via the Debian
bug-tracking system. This is the first time, that I heard someone saying
that the theoretical weakness of md5 is a real security hole.
Christoph
--
=======
Christoph Martin, EDV der Verwaltung, Uni-Mainz, Germany
Internet-Mail: <email address hidden>
Telefon: +49-6131-3926337
Fax: +49-6131-3922856
Debian Bug Importer (debzilla) wrote : | #6 |
Message-ID: <email address hidden>
Date: Thu, 23 Jun 2005 10:32:34 +0200
From: Christoph Martin <email address hidden>
To: <email address hidden>
Subject: [Fwd: [openssl.org #1128] [Fwd: Bug#314465: CA.pl and openssl.cnf
default to insecure MD5 digest]]
--
=======
Christoph Martin, EDV der Verwaltung, Uni-Mainz, Germany
Internet-Mail: <email address hidden>
Telefon: +49-6131-3926337
Fax: +49-6131-3922856
From: "Nils Larsch via RT" <email address hidden>
RT-Ticket: openssl.org #1128
Martin Pitt (pitti) wrote : | #7 |
It is still not entirely clear how much would break if we change the default. We
should do this in Breezy for now and wait a bit before changing this in stables
(if it is required at all).
Martin Pitt (pitti) wrote : | #8 |
openssl (0.9.7g-1ubuntu1) breezy; urgency=low
.
* apps/openssl.cnf: Change CA and req default message digest algorithm to
SHA-1 since MD5 is deemed insecure. (Ubuntu #13593)
Leaving open as a reminder to check if we really need to fix this in stables.
Martin Pitt (pitti) wrote : | #9 |
stables fixed in USN-179-1.
In Debian Bug tracker #314465, Christoph Martin (martin-uni-mainz) wrote : Re: Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest | #10 |
severity 314465 important
quit
Version 0.9.8 will fix this bug. The default will be SHA1 and SHA-256
etc. will be included.
I downgrade the severity temporarily to important to allow Version 0.9.7
to enter testing before I upload the new upstream 0.9.8.
Christoph
Andreas Bogk wrote:
> Package: openssl
> Version: 0.9.7e-3
> Severity: grave
> Tags: security
> Justification: user security hole
>
>
> openssl.cnf defaults to usage of MD5 as digest algorithm for generation
> of certificates and CAs. MD5 must be considered broken beyond hope,
> we're not just talking about theoretical attacks, but attacks feasible
> for everybody. X.509 keys with colliding checksums (and thus false
> certificates) have been shown. See:
>
> http://www.cits.rub.de/MD5Collisions/
>
> for another example.
>
> Unfortunately, there seem to be problems with RIPEMD160 in practice
> (e.g. the Debian Thunderbird package doesn't understand RIPEMD160). So
> the only reasonable choice at the moment is SHA-1, even though SHA-1 has
> been theoretically weakened already, and RIPEMD160 would be preferable.
> I suggest adding
>
> default_md: sha-1
>
> in the req and ca sections of openssl.cnf, and talking the upstream
> maintainers into supporting SHA-384 or SHA-512.
>
> -- System Information:
> Debian Release: 3.1
> Architecture: i386 (i686)
> Kernel: Linux 2.6.8-2-686
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=
>
> Versions of packages openssl depends on:
> ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
> ii libssl0.9.7 0.9.7e-3 SSL shared libraries
>
> -- no debconf information
--
=======
Christoph Martin, Leiter der EDV der Verwaltung, Uni-Mainz, Germany
Internet-Mail: <email address hidden>
Telefon: +49-6131-3926337
Fax: +49-6131-3922856
Debian Bug Importer (debzilla) wrote : | #11 |
Message-ID: <email address hidden>
Date: Wed, 14 Sep 2005 10:13:50 +0200
From: Christoph Martin <email address hidden>
To: Andreas Bogk <email address hidden>, <email address hidden>
CC: <email address hidden>
Subject: Re: Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest
In Debian Bug tracker #314465, Kurt Roeckx (kurt-roeckx) wrote : | #12 |
Can this be closed now that 0.9.8 has made it to the archive?
Kurt
Debian Bug Importer (debzilla) wrote : | #13 |
Message-ID: <email address hidden>
Date: Tue, 1 Nov 2005 20:51:13 +0100
From: Kurt Roeckx <email address hidden>
To: <email address hidden>
Subject: Re: CA.pl and openssl.cnf default to insecure MD5 digest
In Debian Bug tracker #314465, Christoph Martin (martin-uni-mainz) wrote : Re: [Pkg-openssl-devel] Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest | #14 |
Hi Kurt,
Kurt Roeckx wrote:
> Can this be closed now that 0.9.8 has made it to the archive?
I don't think so. The bug is still present in sarge and will not be
fixed. It should stay open until sarge is obsolete and should have a tag
sarge and wontfix.
Christoph
--
=======
Christoph Martin, Leiter der EDV der Verwaltung, Uni-Mainz, Germany
Internet-Mail: <email address hidden>
Telefon: +49-6131-3926337
Fax: +49-6131-3922856
Debian Bug Importer (debzilla) wrote : | #15 |
Message-ID: <email address hidden>
Date: Wed, 02 Nov 2005 09:38:59 +0100
From: Christoph Martin <email address hidden>
To: <email address hidden>,
"Package Development List for OpenSSL packages." <email address hidden>
Subject: Re: [Pkg-openssl-devel] Bug#314465: CA.pl and openssl.cnf default
to insecure MD5 digest
In Debian Bug tracker #314465, Kurt Roeckx (kurt-roeckx) wrote : Re: Bug#314465: [Pkg-openssl-devel] Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest | #16 |
On Wed, Nov 02, 2005 at 09:38:59AM +0100, Christoph Martin wrote:
> Hi Kurt,
>
> Kurt Roeckx wrote:
> > Can this be closed now that 0.9.8 has made it to the archive?
>
> I don't think so. The bug is still present in sarge and will not be
> fixed. It should stay open until sarge is obsolete and should have a tag
> sarge and wontfix.
The proper way to do this would be to close it with the proper
version. It will still be marked as existing in sarge.
Kurt
Debian Bug Importer (debzilla) wrote : | #17 |
Message-ID: <email address hidden>
Date: Wed, 2 Nov 2005 17:50:50 +0100
From: Kurt Roeckx <email address hidden>
To: Christoph Martin <email address hidden>, <email address hidden>,
"Package Development List for OpenSSL packages." <email address hidden>
Subject: Re: Bug#314465: [Pkg-openssl-devel] Bug#314465: CA.pl and openssl.cnf default to insecure
MD5 digest
In Debian Bug tracker #314465, Christoph Martin (martin-uni-mainz) wrote : [Fwd: Bug#314465: [Pkg-openssl-devel] Bug#314465: CA.pl and openssl.cnf default to insecure MD5 digest] | #18 |
version 0.9.8-1
--
=======
Christoph Martin, Leiter der EDV der Verwaltung, Uni-Mainz, Germany
Internet-Mail: <email address hidden>
Telefon: +49-6131-3926337
Fax: +49-6131-3922856
On Wed, Nov 02, 2005 at 09:38:59AM +0100, Christoph Martin wrote:
> Hi Kurt,
>
> Kurt Roeckx wrote:
> > Can this be closed now that 0.9.8 has made it to the archive?
>
> I don't think so. The bug is still present in sarge and will not be
> fixed. It should stay open until sarge is obsolete and should have a tag
> sarge and wontfix.
The proper way to do this would be to close it with the proper
version. It will still be marked as existing in sarge.
Kurt
Debian Bug Importer (debzilla) wrote : | #19 |
Message-ID: <email address hidden>
Date: Thu, 03 Nov 2005 09:35:59 +0100
From: Christoph Martin <email address hidden>
To: <email address hidden>
Subject: [Fwd: Bug#314465: [Pkg-openssl-devel] Bug#314465: CA.pl and openssl.cnf
default to insecure MD5 digest]
In Debian Bug tracker #314465, Kurt Roeckx (kurt-roeckx) wrote : | #20 |
reopen 314465
close 314465 0.9.8-1
thanks
It seems you've used "version 0.9.8-1", instead of
"Version: 0.9.8-1". It wasn't marked as fixed in 0.9.8-1.
Kurt
Debian Bug Importer (debzilla) wrote : | #21 |
Message-ID: <email address hidden>
Date: Thu, 3 Nov 2005 18:02:15 +0100
From: Kurt Roeckx <email address hidden>
To: <email address hidden>
Cc: <email address hidden>
Subject: Re: CA.pl and openssl.cnf default to insecure MD5 digest