[mpop-users] support SHA-2 and SHA-3

Sat, 09 Apr 2016 08:53:50 -0700 

Currently, mpop(1) sais for tls_fingerprint:
The fingerprint can be either an SHA1 (recommended) or an MD5 fingerprint in the format 01:23:45:67:.... 

MD5 has been broken since 2008:


Software developers, Certification Authorities, website owners, and 
users should avoid using the MD5 algorithm in any capacity. As 
previous research has demonstrated, it should be considered 
cryptographically broken and unsuitable for further use.


https://www.win.tue.nl/hashclash/rogue-ca/

SHA-1 is also showing its age:


SHA-1 is no longer considered secure against well-funded opponents. In 
2005, cryptanalysts found attacks on SHA-1 suggesting that the 
algorithm might not be secure enough for ongoing use, and since 2010 
many organizations have recommended its replacement by SHA-2 or SHA-3. 
Microsoft, Google and Mozilla have all announced that their respective 
browsers will stop accepting SHA-1 SSL certificates by 2017.


https://en.wikipedia.org/wiki/SHA-1


Currently, trying to use a SHA-256-fingerprint in mpop/msmtp results in 
an error:



mpop: /home/XXX/.mpoprc: line XX: invalid argument 
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 
for command


I propose to:

- implement support for SHA-2 with its six hash functions
- implement support for SHA-3
- drop support for MD5

Thanks, and keep up the awesome work!

--
ilf

Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
                -- Eine Initiative des Bundesamtes für Tastaturbenutzung



Attachment:
signature.asc

Description: Digital signature


------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial! http://pubads.g.doubleclick.net/
gampad/clk?id=1444514301&iu=/ca-pub-7940484522588532
_______________________________________________
mpop-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mpop-users






















					Reply via email to