md4 should be deprecated
Bug #429907 reported by georgi
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
gnutls26 (Ubuntu) | Fix Released | Wishlist | Unassigned |
openssl (Ubuntu) | Fix Released | Wishlist | Unassigned |
Bug Description
openssl s_client and konqueror seem to accept md4 signatures.
IMO md4 is weak - there is a preimage attack [1] of 2 rounds 7 steps in 8 hours (the full md4 is 3 rounds == 48 steps == 2 rounds 16 steps).
Having in mind the 8 hours attack is by m$, I am inclined to believe an attack by a skilful attacker will take seconds.
Note that it is irrelevant if any CA issues new md4 certs - it is enough to have an old valid md4 signature.
[1] http://
Inversion Attacks on Secure Hash Functions using Sat Solvers
affects: ubuntu → openssl (Ubuntu)
description: updated
summary: md4 may be f*cked soon → md4 should be deprecated
Changed in openssl (Ubuntu):
importance: Undecided → Wishlist
status: New → Confirmed
Changed in gnutls26 (Ubuntu):
importance: Undecided → Wishlist
status: New → Confirmed
FYI, NSS (and Firefox) reject signatures with an md4 hash.