[Rpm-maint] Porting RPM to Sequoia PGP

Michael Schroeder mls at suse.de
Wed Nov 3 09:55:22 UTC 2021


On Tue, Nov 02, 2021 at 03:47:52PM +0100, Justus Winter wrote:
> My point is the following.  If RPM relies on policies enforced by the
> underlying crypto libraries, such as FIPS, and there is no additional
> mechanism in RPM, then RPM is unfortunately not following best practices
> when it comes to sunsetting insecure hash algorithms.

Yes, sure. That's why I proposed to add a macro that defines the allowed
algorithms.

The attack vector is that someone takes the signature from an old rpm
signed with the SUSE key and SHA1 and puts it on some carefully
crafted new rpm that happens to hash to the same value, i.e. a
preimage attack on the hash.

Cheers,
  Michael.

-- 
Michael Schroeder          SUSE Software Solutions Germany GmbH
mls at suse.de      GF: Felix Imendoerffer HRB 36809, AG Nuernberg
main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);}
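An added example, not code from the rpm project or from this thread, of the kind of allow-list check proposed above: the digest algorithm is read from the OpenPGP signature packet itself and compared against an rpm-side list before any verification happens, so the policy does not depend on what the underlying crypto library (FIPS mode or not) still accepts. The macro name `ALLOWED_SIG_HASHES`, its contents and the sample packets are assumptions.

```python
from typing import NamedTuple

# OpenPGP hash-algorithm IDs (RFC 4880 section 9.4).
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384",
              10: "SHA512", 11: "SHA224", 12: "SHA3-256", 14: "SHA3-512"}

# Stand-in for the proposed rpm macro listing allowed signature digests; the
# name and contents are assumptions, the thread only proposes such a macro.
ALLOWED_SIG_HASHES = frozenset({"SHA256", "SHA384", "SHA512"})

class SigInfo(NamedTuple):
    version: int
    sig_type: int
    pk_algo: int
    hash_algo: str

def parse_v4_signature(pkt: bytes) -> SigInfo:
    # Decode the packet header and the first four body bytes of a v4 signature
    # packet (tag 2): enough to learn the digest before any verification runs.
    tag = pkt[0]
    if not tag & 0x80:
        raise ValueError("not an OpenPGP packet")
    if tag & 0x40:                                  # new-format header
        if tag & 0x3F != 2:
            raise ValueError("not a signature packet")
        l0 = pkt[1]
        off = 2 if l0 < 192 else 3 if l0 < 224 else 6 if l0 == 255 else None
        if off is None:
            raise ValueError("partial body length not supported")
    else:                                           # old-format header
        if (tag >> 2) & 0x0F != 2:
            raise ValueError("not a signature packet")
        ltype = tag & 0x03
        off = 1 + (1, 2, 4)[ltype] if ltype < 3 else 1
    version, sig_type, pk_algo, hash_id = pkt[off:off + 4]
    if version != 4:
        raise ValueError(f"unsupported signature version {version}")
    return SigInfo(version, sig_type, pk_algo, HASH_ALGOS.get(hash_id, f"unknown({hash_id})"))

def check_signature_policy(pkt: bytes, allowed=ALLOWED_SIG_HASHES):
    # Enforce the allow-list in rpm itself, not in the crypto library. Returns (accepted, reason).
    info = parse_v4_signature(pkt)
    if info.hash_algo not in allowed:
        return False, f"signature digest {info.hash_algo} is not permitted"
    return True, info.hash_algo

# Constructed sample packets (headers only, no MPIs): old-format RSA/SHA1, new-format RSA/SHA256.
OLD_SHA1_SIG = bytes([0x88, 0x04, 0x04, 0x00, 0x01, 0x02])
NEW_SHA256_SIG = bytes([0xC2, 0x04, 0x04, 0x00, 0x01, 0x08])
```

A signature transplanted from an old SHA1-signed package is rejected on its declared digest alone, regardless of whether the digest over the new payload would match.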