RE: [EXTERNAL] Re: MD5 and FIPS

From: Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx>
Sent: Wednesday, February 1, 2023 1:41 PM
To: Sands, Daniel <dnsands@xxxxxxxxxx>
Cc: openssl-users@xxxxxxxxxxx
Subject: [EXTERNAL] Re: MD5 and FIPS

Check out the recent vulnerability the NSA discovered in Microsoft CAPI; the attack uses an MD5 collision to introduce corrupted data into a cache.


This is the correct behavior and it is specified for good reason. If there is a FIPS requirement, it very likely prohibits MD5.


This is one of the many reasons we try to eliminate use of MD5 in specifications.


I know about the MD5 collision vulnerability and why it’s been downgraded from SECURE applications.  I am not talking about a secure application of MD5.  I am talking about file hashing for reasonable assurance that the file has not been corrupted by natural occurrences or transmission errors.  We don’t even provide secret keying information, so it would be trivial for an “attacker” in this situation to simply hash the new contents and replace the checksum if so desired.  That is true even if SHA512 were chosen.  So as I say, this is not within the scope of FIPS.
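
As an added example, not code from this thread, here is the distinction the reply draws, in Python: MD5 used only to detect accidental corruption, with hashlib's `usedforsecurity=False` flag for hosts whose FIPS policy disables MD5 for cryptographic use, beside a keyed HMAC for the case where tampering actually is in scope. The sample file contents and key are constructed for the demo.

```python
import hashlib
import hmac

# Constructed sample "file" contents for the demo (not from the thread).
ORIGINAL = b"config-version=3\nservice=openssl-demo\n" * 8


def corruption_checksum(data: bytes) -> str:
    """MD5 as a non-security integrity check against transmission errors.

    usedforsecurity=False (Python 3.9+) tells hashlib that this digest is
    not a security control, which is what lets it run on FIPS-enabled hosts
    where MD5 is otherwise blocked; older Pythons lack the keyword."""
    try:
        h = hashlib.md5(data, usedforsecurity=False)
    except TypeError:  # Python < 3.9
        h = hashlib.md5(data)
    return h.hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    """True when the stored checksum matches the received bytes."""
    return corruption_checksum(data) == expected


def flip_bit(data: bytes, offset: int, bit: int) -> bytes:
    """Simulate a single-bit transmission error at a byte offset."""
    buf = bytearray(data)
    buf[offset] ^= 1 << bit
    return bytes(buf)


def keyed_tag(key: bytes, data: bytes) -> str:
    """What is needed if tampering is in scope: an HMAC over the file with
    a secret key. Anyone can recompute an unkeyed checksum over altered
    contents (for SHA-512 as much as for MD5); without the key they cannot
    produce a tag that verifies."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def keyed_tag_verifies(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(keyed_tag(key, data), tag)


if __name__ == "__main__":
    stored = corruption_checksum(ORIGINAL)
    damaged = flip_bit(ORIGINAL, 5, 3)
    print("corruption detected:", not verify_checksum(damaged, stored))
    # Recomputing the unkeyed checksum over altered bytes always verifies.
    print("altered+recomputed verifies:", verify_checksum(damaged, corruption_checksum(damaged)))
```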

