Hi,

I replied on the bug instead.

-Michael

On Mon, 2015-03-02 at 10:18 +0100, IT Superhack wrote:
> Hello Development-List,
> 
> hi, it's me again.
> 
> In the past, some ciphers and algorithms were broken, such as MD5, RC4,
> DES and recently SHA1.
> 
> Because those are either weak or insecure, most experts recommend to
> avoid them. But nothing big happend, near all websites still support RC4
> or MD5, some certificates are still signed with SHA1 and so on.
> 
> Even in IPFire those are sill used in several categories:
> 1. On downloads.ipfire.org, the checksums use SHA1.
> 2. Until 2.17, the HTTPS certificate IPFire generated was signed with SHA1.
> 
> During the last ten minutes, I tried to set up an IPSec connection and
> noticed that some of the used cryptographic technologies are
> weak/insecure, such as:
> 1. The root certificate is RSA-2048 (RSA-4096 is better) and is signed
> with SHA1.
> 2. Road-Warrior-Certificates are RSA-1024 (insecure) and signed with
> MD5, which is also insecure.
> 3. SHA1 and MD5 are allowed for authenticating (see: advanced settings).
> 
> Since those endanger secure communication, it would be nice if MD5 & co.
> could be avoided in IPFire.
> 
> Many thanks in advance,
> Timmothy Wilson
> 
> P.S.: The Bug ID is #10763
> _______________________________________________
> Development mailing list
> Development(a)lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/development