Should we settle on one SSL implementation?

Andrew Bartlett abartlet at samba.org
Wed Oct 24 00:26:28 UTC 2007


On Tue, 2007-10-23 at 10:29 -0700, Robert Relyea wrote:
> Simo Sorce wrote:
> > On Tue, 2007-10-23 at 16:11 +0100, Daniel P. Berrange wrote:
> >   
> >> Well for that matter GLibC itself has MD5 in it....
> >>     
> >
> > Quick! Make it depend on NSS! :-)
> >   
> in progress.;).
> > /simo with 3 packages with the same bug filed I can't possibly fix as
> > NSS simply does not have the relevant algorithms ...
> >   
> Which algorithms are missing?
> 
> If MD4 is one of the algorithms, we have a plan for that. MD4 is
> fundamentally broken, has been for 10 years. There is only one
> legitimate use of MD4 that I know of and that is to support NTLM
> (Microsoft's old NT authentication mechanism). In this case we need a
> common NTLM library that all NTLM users call. Any other use of MD4 needs
> to be identified and potentially squashed. Blind use of MD4 is
> detrimental to the security of our products.

I presume you are going to rework the rsync protocol too?

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.