GNU bug report logs -
#37420
[PATCH] Recommend against SHA-1 for security-related applications
Reported by: Stefan Kangas <stefan <at> marxist.se>
Date: Mon, 16 Sep 2019 08:54:02 UTC
Severity: normal
Tags: patch
Done: Stefan Kangas <stefan <at> marxist.se>
Bug is archived. No further changes may be made.
Report forwarded to bug-gnu-emacs <at> gnu.org: bug#37420; Package emacs. (Mon, 16 Sep 2019 08:54:02 GMT)
Acknowledgement sent to Stefan Kangas <stefan <at> marxist.se>: New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Mon, 16 Sep 2019 08:54:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org:
SHA-1 has now seen collision attacks:
https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/
We should clarify that these attacks are not only theoretical, and
actively discourage using it in security-related applications in the
Elisp Manual. The attached patch is an attempt at doing that.
Any comments?
Best regards,
Stefan Kangas
[0001-Recommend-against-SHA-1-for-security-related-applica.patch (text/x-patch, attachment)]
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37420; Package emacs. (Mon, 16 Sep 2019 11:22:02 GMT)
Message #8 received at 37420 <at> debbugs.gnu.org:
Stefan Kangas <stefan <at> marxist.se> writes:
> We should clarify that these attacks are not only theoretical, and
> actively discourage using it in security-related applications in the
> Elisp Manual. The attached patch is an attempt at doing that.
Looks good to me.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37420; Package emacs. (Mon, 16 Sep 2019 20:31:02 GMT)
Message #11 received at 37420 <at> debbugs.gnu.org:
Lars Ingebrigtsen <larsi <at> gnus.org> writes:
> > We should clarify that these attacks are not only theoretical, and
> > actively discourage using it in security-related applications in the
> > Elisp Manual. The attached patch is an attempt at doing that.
>
> Looks good to me.
Thanks. I thought a bit more about this, and would like to suggest
the attached slightly more ambitious patch which also recommends
against them in the doc strings of sha1, md5 and secure-hash.
(I also changed so the doc strings consistently say SHA-1 instead of
SHA1, which seems to be more correct AFAICT.)
Best regards,
Stefan Kangas
[0001-Recommend-against-SHA-1-and-MD5-for-security.patch (text/x-patch, attachment)]
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37420; Package emacs. (Mon, 16 Sep 2019 20:35:02 GMT)
Message #14 received at 37420 <at> debbugs.gnu.org:
Stefan Kangas <stefan <at> marxist.se> writes:
> (I also changed so the doc strings consistently say SHA-1 instead of
> SHA1, which seems to be more correct AFAICT.)
Yup.
[...]
> +Note that SHA-1 is not collision resistant and should not be used
> +for anything security-related. See `secure-hash' for
> +alternatives."
Looks good.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37420; Package emacs. (Mon, 16 Sep 2019 21:51:02 GMT)
Message #17 received at 37420 <at> debbugs.gnu.org:
Lars Ingebrigtsen <larsi <at> gnus.org> writes:
> Looks good.
Thanks.
As I was playing around with this a bit more, I also came up with
another patch (attached) to be committed on top of the first one.
This patch adds tests and makes some minor doc fixes.
Best regards,
Stefan Kangas
[0001-Add-tests-for-secure-hash-and-improve-doc-string.patch (text/x-patch, attachment)]
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37420; Package emacs. (Mon, 16 Sep 2019 22:26:01 GMT)
Message #20 received at 37420 <at> debbugs.gnu.org:
Stefan Kangas <stefan <at> marxist.se> writes:
> +These symbols corresponds to the following hashing algorithms:
> +
> + md5 - MD5
> + sha1 - SHA-1
> + sha224 - SHA-2 / SHA-224
> + sha256 - SHA-2 / SHA-384
> + sha384 - SHA-2 / SHA-384
> + sha512 - SHA-2 / SHA-512
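Review bot: the `sha256` row of the added table reads "SHA-2 / SHA-384", which duplicates the `sha384` row below it; it should read "SHA-2 / SHA-256". In the sentence that introduces the table, "These symbols corresponds" should be "These symbols correspond".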
I'm not sure these really clarify all that much? But I don't object to
it.
[...]
> --- a/test/lisp/emacs-lisp/package-resources/archive-contents
> +++ b/test/lisp/emacs-lisp/package-resources/archive-contents
> @@ -1,9 +1,12 @@
> +;; RFC3339 timestamp
> +;; Last-Updated: 2014-01-16T05:43:35.000Z
> (1
> (simple-single .
> [(1 3)
> nil "A single-file package with no dependencies" single
> ((:url . "http://doodles.au")
> - (:keywords quote ("frobnicate")))])
> + (:keywords quote ("frobnicate"))
> + (:hash )])
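Review bot: in the last added line, `(:hash )])` reaches the closing `]` while the alist opened at `((:url` is still open. The removed line had three closing parens before `]`, and the two replacement lines supply only the ones that close `:keywords` and `:hash`, so one `)` is missing before the bracket. The `:hash` key is also added without a value; give it one or drop the key. Since the file lives under test/lisp/emacs-lisp/package-resources/, this hunk would be easier to review as its own patch.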
Hm... is this related?
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37420; Package emacs. (Tue, 17 Sep 2019 05:51:02 GMT)
Message #23 received at 37420 <at> debbugs.gnu.org:
> From: Lars Ingebrigtsen <larsi <at> gnus.org>
> Date: Mon, 16 Sep 2019 22:34:15 +0200
> Cc: 37420 <at> debbugs.gnu.org
>
> Stefan Kangas <stefan <at> marxist.se> writes:
>
> > (I also changed so the doc strings consistently say SHA-1 instead of
> > SHA1, which seems to be more correct AFAICT.)
>
> Yup.
Should we perhaps do something to help those who know this under the
name "SHA1"?
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37420; Package emacs. (Tue, 17 Sep 2019 06:06:02 GMT)
Message #26 received at 37420 <at> debbugs.gnu.org:
> From: Stefan Kangas <stefan <at> marxist.se>
> Date: Mon, 16 Sep 2019 23:50:33 +0200
> Cc: 37420 <at> debbugs.gnu.org
>
> +These symbols corresponds to the following hashing algorithms:
> +
> + md5 - MD5
> + sha1 - SHA-1
> + sha224 - SHA-2 / SHA-224
> + sha256 - SHA-2 / SHA-384
> + sha384 - SHA-2 / SHA-384
> + sha512 - SHA-2 / SHA-512
Please always use "--" to imply an em-dash in plain text. In this
case, perhaps an even better way would be to explicitly say
"corresponds to".
Thanks.
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37420; Package emacs. (Tue, 17 Sep 2019 09:10:01 GMT)
Message #29 received at 37420 <at> debbugs.gnu.org:
Eli Zaretskii <eliz <at> gnu.org> writes:
> > > (I also changed so the doc strings consistently say SHA-1 instead of
> > > SHA1, which seems to be more correct AFAICT.)
> >
> > Yup.
>
> Should we perhaps do something to help those who know this under the
> name "SHA1"?
Is there any risk that some users believe that these would be two
different algorithms? My guess would be no, but I might be wrong.
Best regards,
Stefan Kangas
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37420; Package emacs. (Tue, 17 Sep 2019 09:19:01 GMT)
Message #32 received at 37420 <at> debbugs.gnu.org:
Lars Ingebrigtsen <larsi <at> gnus.org> writes:
> > +These symbols corresponds to the following hashing algorithms:
> > +
> > + md5 - MD5
> > + sha1 - SHA-1
> > + sha224 - SHA-2 / SHA-224
> > + sha256 - SHA-2 / SHA-384
> > + sha384 - SHA-2 / SHA-384
> > + sha512 - SHA-2 / SHA-512
>
> I'm not sure these really clarify all that much? But I don't object to
> it.
They would help people like me who don't use this stuff very often and
can't remember which one is SHA-1, SHA-2, SHA-3, etc. Of course, one
could expect users to fire up a web browser and search the web for
details instead. But as it stands, we don't document anywhere that
sha512 is indeed SHA-2 as far as I can tell.
> > --- a/test/lisp/emacs-lisp/package-resources/archive-contents
[...]
> Hm... is this related?
No, please disregard that. I fixed it but then attached the wrong
patch to the email.
Best regards,
Stefan Kangas
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37420; Package emacs. (Tue, 17 Sep 2019 11:54:02 GMT)
Message #35 received at 37420 <at> debbugs.gnu.org:
> From: Stefan Kangas <stefan <at> marxist.se>
> Date: Tue, 17 Sep 2019 11:09:25 +0200
> Cc: Lars Ingebrigtsen <larsi <at> gnus.org>, 37420 <at> debbugs.gnu.org
>
> > Should we perhaps do something to help those who know this under the
> > name "SHA1"?
>
> Is there any risk that some users believe that these would be two
> different algorithms? My guess would be no, but I might be wrong.
I have no idea, but I personally didn't even know SHA1 has another
name, let alone a more "official" one.
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37420; Package emacs. (Tue, 17 Sep 2019 12:10:01 GMT)
Message #38 received at 37420 <at> debbugs.gnu.org:
Eli Zaretskii <eliz <at> gnu.org> writes:
> > > Should we perhaps do something to help those who know this under the
> > > name "SHA1"?
> >
> > Is there any risk that some users believe that these would be two
> > different algorithms? My guess would be no, but I might be wrong.
>
> I have no idea, but I personally didn't even know SHA1 has another
> name, let alone a more "official" one.
This is the spelling in RFC 3174: https://tools.ietf.org/html/rfc3174
Perhaps SHA1 is just a common typo?
Best regards,
Stefan Kangas
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37420; Package emacs. (Tue, 17 Sep 2019 12:15:02 GMT)
Message #41 received at 37420 <at> debbugs.gnu.org:
Stefan Kangas <stefan <at> marxist.se> writes:
> This is the spelling in RFC 3174: https://tools.ietf.org/html/rfc3174
Taking a closer look, they actually use "SHA1" in the document
headline, but "SHA-1" in the body text. So it's a bit of a mess.
I guess the important thing is that we use one spelling consistently
to avoid confusing users even more.
Best regards,
Stefan Kangas
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37420; Package emacs. (Tue, 17 Sep 2019 13:38:02 GMT)
Message #44 received at 37420 <at> debbugs.gnu.org:
>>>>> On Tue, 17 Sep 2019 09:05:09 +0300, Eli Zaretskii <eliz <at> gnu.org> said:
>> From: Stefan Kangas <stefan <at> marxist.se>
>> Date: Mon, 16 Sep 2019 23:50:33 +0200
>> Cc: 37420 <at> debbugs.gnu.org
>>
>> +These symbols corresponds to the following hashing algorithms:
>> +
>> + md5 - MD5
>> + sha1 - SHA-1
>> + sha224 - SHA-2 / SHA-224
>> + sha256 - SHA-2 / SHA-384
>> + sha384 - SHA-2 / SHA-384
>> + sha512 - SHA-2 / SHA-512
Eli> Please always use "--" to imply an em-dash in plain text. In this
Eli> case, perhaps an even better way would be to explicitly say
Eli> "corresponds to".
You have sha256 -> SHA-384
Robert
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37420; Package emacs. (Fri, 20 Sep 2019 18:52:02 GMT)
Message #47 received at 37420 <at> debbugs.gnu.org:
Lars Ingebrigtsen <larsi <at> gnus.org> writes:
> > +Note that SHA-1 is not collision resistant and should not be used
> > +for anything security-related. See `secure-hash' for
> > +alternatives."
>
> Looks good.
Thanks. Since there were no other comments, I've now committed this
first patch as commit 6d50010b34. I'll address the second patch in a
separate email.
Best regards,
Stefan Kangas
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37420; Package emacs. (Sat, 28 Sep 2019 10:21:02 GMT)
Message #50 received at 37420 <at> debbugs.gnu.org:
Robert Pluim <rpluim <at> gmail.com> writes:
> >>>>> On Tue, 17 Sep 2019 09:05:09 +0300, Eli Zaretskii <eliz <at> gnu.org> said:
>
> >> From: Stefan Kangas <stefan <at> marxist.se>
> >> Date: Mon, 16 Sep 2019 23:50:33 +0200
> >> Cc: 37420 <at> debbugs.gnu.org
> >>
> >> +These symbols corresponds to the following hashing algorithms:
> >> +
> >> + md5 - MD5
> >> + sha1 - SHA-1
> >> + sha224 - SHA-2 / SHA-224
> >> + sha256 - SHA-2 / SHA-384
> >> + sha384 - SHA-2 / SHA-384
> >> + sha512 - SHA-2 / SHA-512
>
> Eli> Please always use "--" to imply an em-dash in plain text. In this
> Eli> case, perhaps an even better way would be to explicitly say
> Eli> "corresponds to".
>
> You have sha256 -> SHA-384
Thanks Eli and Robert. How about the attached patch?
Best regards,
Stefan Kangas
[0001-Add-tests-for-secure-hash-and-improve-doc-string.patch (text/x-patch, attachment)]
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37420; Package emacs. (Sat, 28 Sep 2019 19:56:02 GMT)
Message #53 received at 37420 <at> debbugs.gnu.org:
Stefan Kangas <stefan <at> marxist.se> writes:
> Thanks Eli and Robert. How about the attached patch?
Looks good to me, but one tiny thing:
> +(ert-deftest test-secure-hash ()
> + (should (equal (secure-hash 'md5 "foobar") "3858f62230ac3c915f300c664312c63f"))
> + (should (equal (secure-hash 'sha1 "foobar") "8843d7f92416211de9ebb963ff4ce28125932878"))
> + (should (equal (secure-hash 'sha224 "foobar") (concat "de76c3e567fca9d246f5f8d3b2e704a3"
> + "8c3c5e258988ab525f94
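Review bot: the assertions visible in `test-secure-hash` all hash the same string "foobar" with the default arguments, so only the hex-string return path for a string OBJECT is exercised. Consider adding an empty-string case and one call that passes the optional BINARY argument, so the test also pins the raw-byte output of `secure-hash`.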
Perhaps the lines should be folded to avoid too-long lines?
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Reply sent to Stefan Kangas <stefan <at> marxist.se>: You have taken responsibility. (Fri, 04 Oct 2019 15:35:02 GMT)
Notification sent to Stefan Kangas <stefan <at> marxist.se>: bug acknowledged by developer. (Fri, 04 Oct 2019 15:35:02 GMT)
Message #58 received at 37420-done <at> debbugs.gnu.org:
Lars Ingebrigtsen <larsi <at> gnus.org> writes:
> > Thanks Eli and Robert. How about the attached patch?
>
> Looks good to me, but one tiny thing:
>
> > +(ert-deftest test-secure-hash ()
> > + (should (equal (secure-hash 'md5 "foobar") "3858f62230ac3c915f300c664312c63f"))
> > + (should (equal (secure-hash 'sha1 "foobar") "8843d7f92416211de9ebb963ff4ce28125932878"))
> > + (should (equal (secure-hash 'sha224 "foobar") (concat "de76c3e567fca9d246f5f8d3b2e704a3"
> > + "8c3c5e258988ab525f94
>
> Perhaps the lines should be folded to avoid too-long lines?
Thanks; fixed and pushed as commit ef8fadf8c1.
Best regards,
Stefan Kangas
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 02 Nov 2019 11:24:05 GMT)
This bug report was last modified 4 years and 177 days ago.