From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: SHA1/MD5 in IPFire
Date: Tue, 03 Mar 2015 17:47:27 +0100 [thread overview]
Message-ID: <1425401247.2721.130.camel@ipfire.org> (raw)
In-Reply-To: <54F42AF7.9070505@web.de>
[-- Attachment #1: Type: text/plain, Size: 1443 bytes --]
Hi,
I replied on the bug instead.
-Michael
On Mon, 2015-03-02 at 10:18 +0100, IT Superhack wrote:
> Hello Development-List,
>
> hi, it's me again.
>
> In the past, some ciphers and algorithms were broken, such as MD5, RC4,
> DES and recently SHA1.
>
> Because those are either weak or insecure, most experts recommend to
> avoid them. But nothing big happend, near all websites still support RC4
> or MD5, some certificates are still signed with SHA1 and so on.
>
> Even in IPFire those are sill used in several categories:
> 1. On downloads.ipfire.org, the checksums use SHA1.
> 2. Until 2.17, the HTTPS certificate IPFire generated was signed with SHA1.
>
> During the last ten minutes, I tried to set up an IPSec connection and
> noticed that some of the used cryptographic technologies are
> weak/insecure, such as:
> 1. The root certificate is RSA-2048 (RSA-4096 is better) and is signed
> with SHA1.
> 2. Road-Warrior-Certificates are RSA-1024 (insecure) and signed with
> MD5, which is also insecure.
> 3. SHA1 and MD5 are allowed for authenticating (see: advanced settings).
>
> Since those endanger secure communication, it would be nice if MD5 & co.
> could be avoided in IPFire.
>
> Many thanks in advance,
> Timmothy Wilson
>
> P.S.: The Bug ID is #10763
> _______________________________________________
> Development mailing list
> Development(a)lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/development
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
prev parent reply other threads:[~2015-03-03 16:47 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-02 9:18 IT Superhack
2015-03-03 16:47 ` Michael Tremer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1425401247.2721.130.camel@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox