[Freeipa-devel] MD5 certificate fingerprints removal

Tomas Krizek tkrizek at redhat.com
Wed Feb 22 12:41:22 UTC 2017 

On 02/22/2017 12:28 AM, Fraser Tweedale wrote:
> On Tue, Feb 21, 2017 at 05:23:07PM +0100, Standa Laznicka wrote:
>> On 02/21/2017 04:24 PM, Tomas Krizek wrote:
>>> On 02/21/2017 03:23 PM, Rob Crittenden wrote:
>>>> Standa Laznicka wrote:
>>>>> Hello,
>>>>>
>>>>> Since we're trying to make FreeIPA work in FIPS we got to the point
>>>>> where we need to do something with MD5 fingerprints in the cert plugin.
>>>>> Eventually we came to a realization that it'd be best to get rid of them
>>>>> as a whole. These are counted by the framework and are not stored
>>>>> anywhere. Note that alongside with these fingerprints SHA1 fingerprints
>>>>> are also counted and those are there to stay.
>>>>>
>>>>> The question for this ML is, then - is it OK to remove these or would
>>>>> you rather have them replaced with SHA-256 alongside the SHA-1? MD5 is a
>>>>> grandpa and I think it should go.
>>>> I based the values displayed on what certutil displayed at the time (7
>>>> years ago). I don't know that anyone uses these fingerprints. The
>>>> OpenSSL equivalent doesn't include them by default.
>>>>
>>>> You may be able to deprecate fingerprints altogether.
>>>>
>>>> rob
>>> I think it's useful to display the certificate's fingerprint. I'm in
>>> favor of removing md5 and adding sha256 instead.
>>>
>> Rob, thank you for sharing the information of where the cert fingerprints
>> are originated! `certutil` shipped with nss-3.27.0-1.3 currently displays
>> SHA-256 and SHA1 fingerprints for certificates so I propose going that way
>> too.
>>
> IMO we should remove MD5 and SHA-1, and add SHA-256.  But we should
> also make no API stability guarantee w.r.t. the fingerprint
> attributes, i.e. to allow us to move to newer digests in future (and
> remove broken/no-longer-secure ones).  We should advise that if a
> customer has a hard requirement on a particular digest that they
> should compute it themselves from the certificate.
>
> Cheers,
> Fraser
What is the motivation to remove SHA-1? Are there any attacks besides
theoretical ones on SHA-1?

Do other libraries already deprecate SHA-1?

-- 
Tomas Krizek


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20170222/05c0354a/attachment.sig>

More information about the Freeipa-devel mailing list