FYI (found on Apache infra ML)
From: "Robert Burrell Donkin" <[email protected]>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NIST advises [1] that SHA1 should be EOL'd by the end of 2010. Recent
research[2] has revealed vulnerabilities in SHA1.
DSA requires a 160bit hash with SHA1 the most common choice. DSA has a
1024bit key length. This is considered too short[4] now with 4096 bits
being better but 8192 preferrable. Most digital signatures - including
many of those which secure the WOT[3] and Apache releases- use SHA1 and
DSA keys.
Debian are preparing to start transitioning away from DSA and SHA1[5]
towards longer keys. IMO Apache should think about how to do the same.
opinions?
some particular issues for apache:
* we ask for MD5 and SHA1 hashes, both of which now have known
vulnerabilities
* by end of 2010, keys of 1024 bits should no longer be considered
secure and will need to be revoked
* by end of 2010, all WOT links signed using SHA1 should be considered
insecure (and that's most of them)
* by end of 2010, signatures by 1024 bit keys should no longer be
considered secure and many of the keys that made them will have been revoked
i've started an issue[6] to track any actions apache needs to take. this
also has attached the results of a baseline scan i ran against
archive.apache.org.
- - robert
[1] See http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf
[2] See
http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
[3] Web Of Trust
[4] Applied Cryptography, Long Range Factor Predications
[5] http://www.debian-administration.org/users/dkg/weblog/48
[6] https://issues.apache.org/jira/browse/INFRA-2042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkoC4BAACgkQQ617goCdfgNiuQCeLgbNoo82v+AFTLp3YD9DbKPD
OX8AoKcto++UaybAtNr4Tt3F+CH5J1iW
=StHh
-----END PGP SIGNATURE-----
