quassel-core generates an insecure certificate upon installation

Bug #1455990 reported by Michael Marley on 2015-05-17
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
quassel (Ubuntu)
Undecided
Unassigned

Bug Description

After installation, quassel-core generates a 1024-bit certificate using the SHA1 hash. Both of these are considered deprecated and somewhat insecure. The attached patch updates the postinst script to generate a 4096-bit certificate using the SHA256 hash instead.

The SHA256 certificate will not cause any compatibility problems because OpenSSL 1.0.0 and later support SHA256 certificates. All supported versions of Ubuntu and Debian have at least 1.0.1 and the supported Windows and Mac builds of Quassel are additionally compiled with a recent enough version to support the SHA256 certificate.

Related branches

Michael Marley (mamarley) wrote :
summary: - Quasselcore generates an insecure certificate upon installation
+ quassel-core generates an insecure certificate upon installation

The attachment "certificate.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Luke Faraone (lfaraone) on 2015-05-18
information type: Public → Public Security
Felix Geyer (debfx) wrote :

As it's self signed certificate the signature hash algorithm doesn't matter much.
4096 bit seems a bit excessive, no?

Slightly offtopic:
Quassel stores the md5sum of certs the user has accepted. That's probably a bad idea.

Michael Marley (mamarley) wrote :

While having a 4096-bit certificate is not necessary in order to be secure, its only disadvantages are taking longer to generate (which I don't think is much of an issue because it doesn't get regenerated very often) and taking slightly longer for the handshake (which is practically negligible on modern computers).

Yes, saving the md5 of the accepted certs is a bad idea. I will fix that.

On Monday, May 18, 2015 09:14:12 PM you wrote:
> While having a 4096-bit certificate is not necessary in order to be
> secure, its only disadvantages are taking longer to generate (which I
> don't think is much of an issue because it doesn't get regenerated very
> often) and taking slightly longer for the handshake (which is
> practically negligible on modern computers).
>
> Yes, saving the md5 of the accepted certs is a bad idea. I will fix
> that.

People run quassel cores on very minimal systems and so I don't think you can
say it's necessarily negligible. If the work someone is doing is so sensitive
that a 2048 bit key is not sufficient, then it probably shouldn't be on IRC.
2048 bit keys are sufficient that there's usually easier ways to get the
information [1]. Let's not go overboard.

[1] https://xkcd.com/538/

Michael Marley (mamarley) wrote :

OK, here is a patch for 2048-bit certificates. I also discovered that OpenSSL generates the SHA256 hash automatically now, so there is no need to specify that explicitly.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package quassel - 0.12.2-0ubuntu1

---------------
quassel (0.12.2-0ubuntu1) wily; urgency=medium

  * Generate a 2048-bit cert. (LP: #1455990)

 -- Michael Marley <email address hidden> Sun, 17 May 2015 18:58:08 -0400

Changed in quassel (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers