On Thu, Oct 28, 2021 at 11:17 AM Justus Winter <jus...@sequoia-pgp.org> wrote:
>
> Panu Matilainen <pmati...@redhat.com> writes:
>
> >> https://tests.sequoia-pgp.org/rpmsop.html#Detached_Sign-Verify_roundtrip_with_key__Bob___MD5
> >>
> >> - accepts MD5 signatures !!!
> >>
> >> https://tests.sequoia-pgp.org/rpmsop.html#Signature_over_the_shattered_collision
> >>
> >> - accepts SHA1 signatures !!!
> >
> > Rpm needs to be able to work with content from the nineties, when MD5
> > was still the hottest thing around, ditto with SHA1.
>
> Contemporary versions of RPM need to work with content from the
> nineties?  I find that hard to believe.
>

I still sometimes deal with RPMs created in the early 2000s; it's not
terribly hard to believe people wind up working with older stuff. Lots
of old Linux games were released as RPMs back in the 90s too.

> > At least openssl backend supports FIPS mode, which is where these get
> > rejected as expected nowadays.
>
> FIPS mode as in /proc/sys/crypto/fips_enabled?  Or is there another
> mechanism for openssl or RPM?  What about the security of systems that
> are not in FIPS mode?
>
> In my opinion, these signatures should be rejected by RPM.  If working
> with nineties material is really a thing, the user should explicitly
> opt in to these unsafe algorithms.
>

I believe Panu has been adding (or already has added?) a knob to RPM
specifically for that purpose. But upstream RPM still defaults to
permitting them, though some downstreams may have changed this
behavior (I think RHEL did, for example).



-- 
真実はいつも一つ!/ Always, there's only one truth!
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
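
The opt-in policy argued for in the thread above, as an added example that is not part of the original message and is not RPM's or Sequoia's code: it reads the digest algorithm declared in an OpenPGP v3 or v4 signature packet (IDs from RFC 4880) and rejects MD5 and SHA1 unless the caller opts in. The `allow_weak` parameter and the sample packets are assumptions made for illustration; the check covers the declared digest only and does not verify the signature.

```python
# Added example. Hash-algorithm IDs are from RFC 4880, section 9.4.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK = {"MD5", "SHA1"}  # the two digests discussed in the thread

# Constructed samples: packet header plus leading signature fields only,
# enough to read the digest ID; they are not verifiable signatures.
V4_SHA256 = bytes([0x88, 6, 4, 0, 1, 8, 0, 0])
V4_SHA1 = bytes([0x88, 6, 4, 0, 1, 2, 0, 0])
V3_MD5 = bytes([0xC2, 17, 3, 5, 0]) + bytes(12) + bytes([1, 1])


def packet_body(data):
    """Return (tag, body) of the first OpenPGP packet in data."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if data[0] & 0x40:                    # new-format header
        tag, o1 = data[0] & 0x3F, data[1]
        if o1 < 192:
            start, length = 2, o1
        elif o1 < 224 and len(data) > 2:
            start, length = 3, ((o1 - 192) << 8) + data[2] + 192
        elif o1 == 255:
            start, length = 6, int.from_bytes(data[2:6], "big")
        else:
            raise ValueError("unsupported length encoding")
    else:                                 # old-format header
        tag, ltype = (data[0] >> 2) & 0x0F, data[0] & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        start = 1 + (1 << ltype)
        length = int.from_bytes(data[1:start], "big")
    if len(data) < start + length:
        raise ValueError("truncated packet")
    return tag, data[start:start + length]


def signature_hash(data):
    """Name of the digest algorithm declared by a v3 or v4 signature."""
    tag, body = packet_body(data)
    offset = {3: 16, 4: 3}.get(body[0]) if tag == 2 and body else None
    if offset is None or len(body) <= offset:
        raise ValueError("not a supported signature packet")
    return HASH_NAMES.get(body[offset])   # None for unknown IDs


def accept(data, allow_weak=False):
    """Digest policy only: MD5/SHA1 pass solely on explicit opt-in."""
    name = signature_hash(data)
    return name is not None and (allow_weak or name not in WEAK)
```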