[erlang-questions] OpenSSL 1.0 removed md2 and this affects Erlang/OTP builds.

Andreas Schultz aschultz@REDACTED
Wed Oct 5 14:43:33 CEST 2011


Hi,

----- Original Message -----
> Just a quick FYI:
[...]
> On the same basis: When do we get to ditch MD5 and SHA1? Both message
> digests are probably going to become problematic. MD5 is already

Not in the foreseeable future: SSLv3, TLS 1.0 and TLS 1.1 all depend on MD5 and SHA1.
The PRFs used in TLS 1.0 and TLS 1.1 use a combination of MD5+SHA1, so this is going to
have to stay for a few more years, probably.
TLS 1.2 replaces the MD5+SHA1 combination with SHA256, but TLS 1.2 is not used very much
at the moment, IMHO not implemented in openssl-1.0, and Erlang's ssl app is currently limited
to TLS-1.0.

> broken for its 2nd preimage resistance to the point where nobody can
> use it for that anymore. SHA1 will follow shortly; there are cracks
> all over the place. We really want an API which is message digest
> agnostic. Something along the lines of:
> 
> -spec crypto:message_digest(digest_algorithm(), iolist()) ->
> digest().
> 
> where digest_algorithm() is md5 | sha1 | sha256 | ... and digest() is
> either integer() or binary() - probably the latter with conversion
> functions to hex-strings and so on, because that format is the common
> one. The rationale for this choice is simple: history shows that most
> cryptographic algorithms break down over time - one way or the
> other.

I very much like this. The same scheme should be applied to the HMAC function, and the
_init, _update and _final versions of the hash and HMAC functions should be removed.
They look like leftovers from some C implementation, are not very Erlang-ish, and at least
hmac_final can even crash the VM.

Andreas

> 
> --
> J.

-- 
Dipl. Inform.
Andreas Schultz

email: as@REDACTED
phone: +49-391-819099-224
mobil: +49-179-7654368

------------------ managed broadband access ------------------

Travelping GmbH               phone:           +49-391-8190990
Roentgenstr. 13               fax:           +49-391-819099299
D-39108 Magdeburg             email:       info@REDACTED
GERMANY                       web:   http://www.travelping.com

Company Registration: HRB21276 Handelsregistergericht Chemnitz
Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
--------------------------------------------------------------
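The digest-agnostic API sketched in the thread above, written out as a small Erlang module. This is an added example, not code from the thread, from Andreas, or from OTP's crypto application; it assumes an OTP release with crypto:hash/2 and crypto:mac/4 (22.1 or later), and the module name, option name allow_legacy and the legacy/supported lists are illustrative choices. It shows the two points the messages make: one entry point that takes the algorithm as an argument (so md5 and sha1 can be retired by changing a list in one place rather than every caller), and the same shape reused for HMAC without any _init/_update/_final state passing through the caller.

```erlang
%% digest_agnostic.erl -- added example, not from the thread or from OTP.
%% Sketch of the proposed message_digest/2 API on top of crypto:hash/2 and
%% crypto:mac/4 (assumed OTP 22.1+). Module/option names are illustrative.
-module(digest_agnostic).
-export([message_digest/2, message_digest/3, hmac/3, hmac/4,
         verify_hmac/4, to_hex/1, supported/0, legacy/0]).

-type digest_algorithm() :: md5 | sha1 | sha256 | sha384 | sha512.
-type digest() :: binary().
-export_type([digest_algorithm/0, digest/0]).

%% Algorithms this wrapper accepts at all. The policy of what is acceptable
%% lives here, in one place, so callers never hard-code md5 or sha1.
supported() -> [md5, sha1, sha256, sha384, sha512].

%% Algorithms kept only for protocol compatibility (e.g. the TLS 1.0/1.1
%% PRF). A caller must opt in explicitly with the allow_legacy option.
legacy() -> [md5, sha1].

-spec message_digest(digest_algorithm(), iodata()) -> digest().
message_digest(Alg, Data) -> message_digest(Alg, Data, []).

-spec message_digest(digest_algorithm(), iodata(), [allow_legacy]) -> digest().
message_digest(Alg, Data, Opts) ->
    crypto:hash(check_alg(Alg, Opts), Data).

%% Same scheme for HMAC: algorithm is an argument, no _init/_update/_final.
-spec hmac(digest_algorithm(), iodata(), iodata()) -> digest().
hmac(Alg, Key, Data) -> hmac(Alg, Key, Data, []).

-spec hmac(digest_algorithm(), iodata(), iodata(), [allow_legacy]) -> digest().
hmac(Alg, Key, Data, Opts) ->
    crypto:mac(hmac, check_alg(Alg, Opts), Key, Data).

%% Verify a received MAC under the same algorithm policy as generation
%% (a legacy digest is rejected here too, not silently accepted), comparing
%% in constant time so a mismatch in byte 1 costs the same as one in byte 32.
-spec verify_hmac(digest_algorithm(), iodata(), iodata(), binary()) -> boolean().
verify_hmac(Alg, Key, Data, Mac) when is_binary(Mac) ->
    constant_time_equal(hmac(Alg, Key, Data), Mac).

constant_time_equal(A, B) when byte_size(A) =/= byte_size(B) -> false;
constant_time_equal(A, B) ->
    0 =:= lists:foldl(fun({X, Y}, Acc) -> Acc bor (X bxor Y) end, 0,
                      lists:zip(binary_to_list(A), binary_to_list(B))).

%% Lower-case hex string, the interchange format the proposal mentions.
-spec to_hex(binary()) -> string().
to_hex(Bin) ->
    lists:flatten([io_lib:format("~2.16.0b", [B]) || <<B>> <= Bin]).

%% Map the API's names onto crypto's atoms (crypto spells SHA-1 as `sha`)
%% and enforce the legacy policy before anything is hashed.
check_alg(Alg, Opts) ->
    case lists:member(Alg, supported()) of
        false -> erlang:error({unsupported_digest, Alg});
        true  -> ok
    end,
    case lists:member(Alg, legacy()) andalso
         not lists:member(allow_legacy, Opts) of
        true  -> erlang:error({legacy_digest_not_allowed, Alg});
        false -> ok
    end,
    case Alg of sha1 -> sha; Other -> Other end.
```

From an Erlang shell, digest_agnostic:to_hex(digest_agnostic:message_digest(sha256, <<"abc">>)) gives the familiar hex string, digest_agnostic:message_digest(md5, <<"abc">>) raises {legacy_digest_not_allowed, md5}, and the same call with [allow_legacy] as the third argument succeeds, which is the knob a TLS 1.0/1.1 implementation would use while a new application would not. Because every caller goes through check_alg/2, retiring an algorithm later is a one-line change to legacy/0 or supported/0 rather than a hunt for every crypto:md5/1 call.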
