Hey, There should not be any issues changing the default to SHA1, that was an already tested configuration. However a change to SHA256 would require some testing, as some constants might be missing (or did not even exists back in 2003 ;-).
Sebastien On Tue, Dec 15, 2015 at 2:28 PM, Eric Lawrence <bay...@gmail.com> wrote: > As far as I know, all systems that support MD5 Authenticode signatures > also support SHA1 signatures, so breakage from this change seems quite > unlikely. > > (Alas, this is not true of SHA256, which is only supported on modern > versions of Windows, and not presently supported by signcode.exe at all). > > On Tue, Dec 15, 2015 at 1:12 PM, Alexander Köplinger < > alexander.koeplin...@xamarin.com> wrote: > >> I like it. Does changing the default have any backwards compatibility >> issues? >> >> Looks like the default comes from >> https://github.com/mono/mono/blob/b7a308f660de8174b64697a422abfc7315d07b8c/mcs/class/Mono.Security/Mono.Security.Authenticode/AuthenticodeFormatter.cs#L80 >> so >> we’d need to decide if we should change it there or make a targeted fix >> just for signcode. >> >> - Alex >> >> Am 15.12.2015 um 20:00 schrieb Eric Lawrence <bay...@gmail.com>: >> >> (resend, as Miguel suggested I should join the list) >> >> Today, the signcode application distributed with Mono defaults to using >> MD5 for Authenticode signing. This has resulted in vulnerable signatures on >> at least two broadly distributed projects (CoPilot and WordPress Desktop; >> see http://textslashplain.com/2015/12/15/hashes-and-code-signing/). >> >> MD5 signatures are dangerous because the collision attacks against MD5 >> get better and cheaper with each passing day, and any MD5 signature is >> vulnerable to abuse for the lifetime of the signing certificate—the package >> WordPress signed last week could be exploited until 11/21/2018 unless >> Automattic is willing to revoke their signing certificate before that time >> (costly). >> >> SHA1 is considerably stronger than MD5 and signcode already supports it; >> it just needs to be made default. The command line argument (-a md5) could >> be used for anyone that really needs an MD5 signature for any reason. >> >> Thanks for your consideration! >> >> -Eric Lawrence >> _______________________________________________ >> Mono-devel-list mailing list >> Mono-devel-list@lists.ximian.com >> http://lists.ximian.com/mailman/listinfo/mono-devel-list >> >> >> > > > -- > Eric Lawrence > Bayden Systems > http://www.bayden.com > > _______________________________________________ > Mono-devel-list mailing list > Mono-devel-list@lists.ximian.com > http://lists.ximian.com/mailman/listinfo/mono-devel-list > >
_______________________________________________ Mono-devel-list mailing list Mono-devel-list@lists.ximian.com http://lists.ximian.com/mailman/listinfo/mono-devel-list
