Re: [PATCH 0/2] crypto: remove MD4 generic shash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2021-08-18 at 22:18 -0700, Eric Biggers wrote:

> I'm not sure you understand how embarrassing it is to still be using
> these
> algorithms.  MD4 has been broken for over 25 years, and better
> algorithms have
> been recommended for 29 years.  Similarly MD5 has been broken for 16
> years and
> better algorithms have been recommended for 25 years (though granted,
> HMAC-MD5
> is more secure than plain MD5 when properly used).  Meanwhile SHA-2
> is 20 years
> old and is still considered secure.  So this isn't something that
> changes every
> month -- we're talking about no one bothering to do anything in 30
> years.
> 
> Of course, if cryptography isn't actually applicable to the use case,
> then
> cryptography shouldn't be used at all.

I'm sorry that Samba - or the Kernel, you could implement whatever is
desired between cifs.ko and kcifsd -  hasn't gone it alone to build a
new peer-to-peer mechanism, but absent a Samba-only solution Microsoft
has been asked and has no intention of updating NTLM, so embarrassing
or otherwise this is how it is.

Thankfully only the HMAC-MD5 step in what you mention is
cryptographically significant, the rest are just very lossy compression
algorithms.  

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux