One more time, I know that someone, somewhere is probably using any given feature of OpenSSL. I am looking to gather information about concrete, actively maintained applications that may be using one of those algorithms, to build a more complete picture.

If you are aware of a concrete use of MD2 or any of the other algorithms, please let us know!

Thanks,
Emilia

On Mon, Nov 16, 2015 at 7:25 PM, Hubert Kario <hkario at redhat.com> wrote:

> On Monday 16 November 2015 16:51:10 Emilia Käsper wrote:
> > IDEA, MD2, MDC2, RC5, RIPEMD, SEED, Whirlpool, binary curves
> >
> > This isn't of course entirely representative of widespread usage.
> > However Google's multi-billion line codebase now builds against
> > BoringSSL and therefore largely does not depend on these algorithms.
> > Those billions of lines aren't all new and shiny code written in
> > 2015, and some of it does have to interoperate with the outside
> > world.
> >
> > And here's the list gone from LibreSSL, from what I can tell:
> >
> > MD2, MDC2, RC5, SEED
> >
> > Neither have removed CAST, and there is presumably a good reason for
> > that. (PGP?)
> >
> > It seems to me that these can pretty safely go:
> >
> > MD2 - (The argument that someone somewhere may want to keep verifying
> > old MD2 signatures on self-signed certs doesn't seem like a
> > compelling enough reason to me. It's been disabled by default since
> > OpenSSL 1.0.0.)
> > MDC2
> > SEED
> > RC5
> >
> > These could probably stay (C only):
> >
> > CAST
> > IDEA
> > RIPEMD (used in Bitcoin?)
> > WHIRLPOOL
> >
> > as well as
> >
> > BLOWFISH
> > MD4
> > RC2
> >
> > I am on the fence about the binary curves: I am not aware of any
> > usage, really, and it's not about to pick up now.
>
> I'm afraid you're too focused on TLS/SSL use case. And while it is
> important it's not the only use case the OpenSSL does serve.
>
> And for what it's worth, I'm very much *for* removing as much (and as
> fast as possible) support for the old junk (or unused stuff - like
> curves < 256 bit) in TLS. Search the archives for "Insecure DEFAULT
> cipher set" for an example.
>
> But stuff like this:
>
> > The argument that someone somewhere may want to keep verifying
> > old MD2 signatures on self-signed certs
>
> is not true. I was talking about document signatures, time stamps, CRL
> signatures and certificate signatures in general. Not the trust anchors
> or their self-signatures.
>
> --
> Regards,
> Hubert Kario
> Senior Quality Engineer, QE BaseOS Security team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic