[Bug 429907] Re: md4 should be deprecated
Adrien Nader
429907 at bugs.launchpad.net
Thu May 11 14:55:16 UTC 2023
AFAIU, MD4 is officially deprecated in openssl and it should also be
forbidden with openssl's seclevel.
Right now I actually have trouble finding definitive answers because of
how long this has probably been.
** Changed in: openssl (Ubuntu)
Status: Confirmed => Fix Released
https://bugs.launchpad.net/bugs/429907
Title:
  md4 should be deprecated
Status in gnutls26 package in Ubuntu:
  Confirmed
Status in openssl package in Ubuntu:
  Fix Released
Bug description:
openssl s_client and konqueror seem to accept md4 signatures.
IMO md4 is weak - there is a preimage attack [1] of 2 rounds 7 steps in
8 hours (the full md4 is 3 rounds == 48 steps == 2 rounds 16 steps).
Having in mind the 8 hours attack is by m$, I am inclined to believe
an attack by a skilful attacker will take seconds.
Note that it is irrelevant if any CA issues new md4 certs - it is
enough to have an old valid md4 signature.
[1] http://sat07.ecs.soton.ac.uk/slides/kumarasubramanian-sat07-talk.pdf
Inversion Attacks on Secure Hash Functions using Sat Solvers