Re: [Dcrup] Time For People To Really Stop Using SHA-1 Signatures?

Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 08 January 2020 00:46 UTC

Date: Tue, 07 Jan 2020 19:46:40 -0500
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: dcrup@ietf.org
Message-ID: <20200108004640.GJ73491@straasha.imrryr.org>
Reply-To: dcrup@ietf.org
References: <1836468.B6t98xBJ9D@l5580>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/pQQ1hy-e49G3Dp-_dqGT_GZ0Zhg>

On Tue, Jan 07, 2020 at 06:41:09PM -0500, Scott Kitterman wrote:

> https://sha-mbles.github.io/
> 
> If I'm reading this right, the last excuse that still trusting SHA-1 DKIM
> signatures is an OK thing to do is gone.  Comments from anyone that really
> understands this stuff would be appreciated.

Well, weak DKIM signatures create the possibility of message forgery, where a
signed message from the attacker can later be replaced by another signed
message.  But if the attacker can post messages via your server, he would
in most cases just post the ultimately desired message.

Supposing however that for some reason modified message replay is an appealing
attack, then the attacker needs to be able to mount the SHA-1 chosen-prefix
attack in the context of a line-oriented message transport where arbitrary
binary data can be tricky to embed in the message.

So I don't think there's a crisis that requires drop-everything urgent action,
but indeed this would be a good time to start phasing out SHA-1 signatures,
if you have not done so already.

-- 
    Viktor.
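As an added example (my own code, not part of this thread or any DKIM implementation), here is the kind of check a receiver or mail administrator might run while phasing out SHA-1: it parses each DKIM-Signature header, reads the a= tag and flags rsa-sha1 signatures as deprecated (RFC 8301 removed rsa-sha1 from DKIM). The sample message, its selectors and its bh=/b= values are constructed placeholders, not real signatures.

```python
import email
import re
# DKIM a= values. RFC 8301 removed rsa-sha1 from DKIM (MUST NOT be used for
# signing or verifying) and added ed25519-sha256 alongside rsa-sha256.
DEPRECATED = {"rsa-sha1"}
ACCEPTED = {"rsa-sha256", "ed25519-sha256"}


def parse_dkim_tags(header_value):
    """Parse an RFC 6376 tag=value list; unfolds and strips folding whitespace."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header_value)
    tags = {}
    for part in unfolded.split(";"):
        if "=" in part:  # skip the empty element left by a trailing ';'
            name, _, value = part.partition("=")
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def classify_algorithm(algorithm):
    """Map a DKIM a= value to a verdict for a SHA-1 phase-out policy."""
    algorithm = algorithm.lower()
    if algorithm in DEPRECATED:
        return "deprecated-sha1"
    return "ok" if algorithm in ACCEPTED else "unknown"


def audit_message(raw_message):
    """One finding per DKIM-Signature header: signer, selector, algorithm, verdict."""
    findings = []
    for value in email.message_from_string(raw_message).get_all("DKIM-Signature", []):
        tags = parse_dkim_tags(value)
        alg = tags.get("a", "").lower()
        findings.append({"domain": tags.get("d", ""), "selector": tags.get("s", ""),
                         "algorithm": alg, "verdict": classify_algorithm(alg)})
    return findings


def strong_signature_present(findings):
    """True if any signature uses an accepted algorithm; a message whose only
    signatures are rsa-sha1 is best treated as unsigned once SHA-1 is phased out."""
    return any(f["verdict"] == "ok" for f in findings)


# Constructed sample (placeholder bh=/b= values, not real signatures): a message
# dual-signed with a legacy rsa-sha1 selector and a current rsa-sha256 selector.
SAMPLE_MESSAGE = (
    "DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=example.com;\r\n"
    " s=legacy; h=from:to:subject; bh=ZmFrZQ==; b=ZmFrZQ==\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
    " s=s2020; h=from:to:subject; bh=ZmFrZQ==;\r\n b=ZmFrZQ==\r\n"
    "From: sender@example.com\r\nTo: dcrup@ietf.org\r\nSubject: test\r\n\r\nbody\r\n"
)
```

Running `audit_message(SAMPLE_MESSAGE)` reports the `legacy` selector as `deprecated-sha1` and the `s2020` selector as `ok`; a dual-signed message like this one still passes `strong_signature_present`, which is what lets a signer rotate to SHA-256 before receivers stop honouring SHA-1.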