[Rpm-maint] Porting RPM to Sequoia PGP
Michael Schroeder
mls at suse.de
Wed Nov 3 09:55:22 UTC 2021
On Tue, Nov 02, 2021 at 03:47:52PM +0100, Justus Winter wrote:
> My point is the following. If RPM relies on policies enforced by the
> underlying crypto libraries, such as FIPS, and there is no additional
> mechanism in RPM, then RPM is unfortunately not following best practices
> when it comes to sunsetting insecure hash algorithms.
Yes, sure. That's why I proposed to add a macro that defines the allowed
algorithms.
The attack vector is that someone takes the signature from an old rpm
signed with the SUSE key and SHA1 and puts it on some carefully
crafted new rpm that happens to hash to the same value, i.e. a
preimage attack on the hash.
Cheers,
Michael.
--
Michael Schroeder SUSE Software Solutions Germany GmbH
mls at suse.de GF: Felix Imendoerffer HRB 36809, AG Nuernberg
main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);}
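One way an allowed-algorithms policy of the kind proposed above could be enforced inside the package manager itself, independent of what the crypto library accepts; this is an added example, not code from RPM or Sequoia, and it assumes a hypothetical space-separated allow-list string standing in for the proposed macro and constructed signature-packet bytes as input.

```python
# Added example (not RPM's or Sequoia's code): reads the hash-algorithm
# octet from an OpenPGP v4 signature packet (RFC 4880 sections 4.2 and
# 5.2.3) and checks it against a configurable allow-list, the way a macro
# listing the permitted digests would. Packet bytes below are constructed.

HASH_ALGOS = {1: "md5", 2: "sha1", 3: "ripemd160", 8: "sha256",
              9: "sha384", 10: "sha512", 11: "sha224"}

def packet_body(data: bytes) -> tuple[int, bytes]:
    """Return (tag, body) for the first OpenPGP packet in data."""
    ctb = data[0]
    if ctb & 0x80 == 0:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:                       # new-format header
        tag, first = ctb & 0x3F, data[1]
        if first < 192:
            hdr, length = 2, first
        elif first < 224:
            hdr, length = 3, ((first - 192) << 8) + data[2] + 192
        elif first == 255:
            hdr, length = 6, int.from_bytes(data[2:6], "big")
        else:
            raise ValueError("partial-length signature packets unsupported")
    else:                                # old-format header
        tag, lentype = (ctb >> 2) & 0x0F, ctb & 0x03
        if lentype == 3:
            raise ValueError("indeterminate length not allowed")
        hdr = 1 + (1 << lentype)         # 1, 2 or 4 length octets
        length = int.from_bytes(data[1:hdr], "big")
    body = data[hdr:hdr + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def signature_hash_algo(sig: bytes) -> str:
    """Name of the digest a v4 signature packet commits to."""
    tag, body = packet_body(sig)
    if tag != 2 or body[0] != 4:
        raise ValueError("expected a version 4 signature packet")
    # v4 layout: version, signature type, pubkey algo, hash algo, ...
    return HASH_ALGOS.get(body[3], f"unknown({body[3]})")

def signature_allowed(sig: bytes, allowed: str) -> bool:
    """Policy check against a hypothetical macro-style allow-list,
    e.g. allowed = "sha256 sha384 sha512" (assumed format)."""
    return signature_hash_algo(sig) in allowed.split()

# Constructed v4 headers: RSA (1) signature over SHA1 (2) vs SHA256 (8),
# one in old-format packet framing and one in new-format framing.
SHA1_SIG = bytes([0x88, 0x04, 0x04, 0x00, 0x01, 0x02])
SHA256_SIG = bytes([0xC2, 0x04, 0x04, 0x00, 0x01, 0x08])
```

Because the digest is read from the signature packet itself rather than from the library's verification result, a SHA1 signature is refused before any key or FIPS mode is consulted.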