On Mon, 2024-03-25 at 11:12 +0100, Niels Möller wrote:
> Hans Leidekker <h...@meelstraat.net> writes:
>
> > I noticed the arrival of an RSA OAEP implementation in GnuTLS and wanted to use
> > that to support the algorithm in Wine. Windows supports it using the old MD5 and
> > SHA1 hash functions, so my question is: would you accept a patch like below that
> > adds these hashes?
>
> Hi,
>
> I'm fine accepting patches for interop with various legacy systems, if
> there's a reasonable usecase, but I don't want to add anything with md5
> in it merely for completeness. Can you give a bit more details on your
> usecase? Which windows functions do you want to support or interop with?
> What will break if you support only the sha2-variants of RSA-OAEP?

This is for BCryptEncrypt/BCryptDecrypt when a BCRYPT_OAEP_PADDING_INFO structure is passed specifying hash and label. It doesn't look like Windows supports sha2 variants here; I get a STATUS_INVALID_PARAMETER error. This was prompted by the DayZ game. I don't know if it uses md5 or sha1, I should ask, but I think it's reasonable to wait and see if md5 is still used.

> Despite md5 and sha1 being generally deprecated, I'm not sure about
> whether they're considered insecure when used for RSA-OAEP (via
> wikipedia, I found this old paper that seems to imply that the
> underlying hash function doesn't need to be that strong:
> https://eprint.iacr.org/2006/223).

That's my understanding as well.