-
Bug
-
Resolution: Won't Fix
-
P3
-
None
-
7
-
generic
-
generic
On December 24, 2010, Tao Xie and Dengguo Feng announced the first
published single-block MD5 collision (two 64-byte messages with the same
MD5 hash) [1]. And in March 2011, an informational RFC (RFC 6151 [2])
was approved to update the security considerations for the MD5
Message-Digest and the HMAC-MD5 Algorithms.
The RFC (RFC 6151) states, "MD5 is no longer acceptable where collision
resistance is required such as digital signatures. It is not urgent to
stop using MD5 in other ways, such as HMAC-MD5; however, since MD5 must
not be used for digital signatures, new protocol designs should not
employ HMAC-MD5."
We should probably add a warning to jarsigner if someone tries to sign a jar with anything less secure than SHA-1, and a warning to keytool if someone wants to import a certificate into a trusted keystore.
[1]: http://eprint.iacr.org/2010/643.pdf
[2]: http://www.ietf.org/rfc/rfc6151.txt
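The check the proposed jarsigner warning implies can also be run over existing JARs. The following is an added example, not part of the bug report or of the JDK: it scans `META-INF/MANIFEST.MF` and `.SF` files for digest attributes weaker than SHA-1. The weak set (MD2, MD5), the function names and the sample JAR are assumptions constructed for illustration, and the signature block file itself is not parsed.

```python
import io
import re
import zipfile

# Assumption for this example: "less secure than SHA-1" means MD2 and MD5.
WEAK_DIGESTS = {"MD2", "MD5"}
# Matches attribute names such as MD5-Digest, SHA1-Digest, SHA-256-Digest-Manifest.
DIGEST_ATTR = re.compile(r"^([A-Za-z0-9-]+?)-Digest(?:-Manifest(?:-Main-Attributes)?)?$")

def digest_algorithms(manifest_text):
    """Return the digest algorithm names used in a manifest or .SF file."""
    lines = []
    for raw in manifest_text.splitlines():
        if raw.startswith(" ") and lines:  # continuation of a wrapped line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    algs = set()
    for line in lines:
        name, sep, _ = line.partition(":")
        match = DIGEST_ATTR.match(name.strip()) if sep else None
        if match:
            algs.add(match.group(1).upper())
    return algs

def audit_jar(jar_bytes):
    """Map each META-INF manifest or .SF file to the weak digests it uses."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for entry in jar.namelist():
            upper = entry.upper()
            if upper == "META-INF/MANIFEST.MF" or (
                    upper.startswith("META-INF/") and upper.endswith(".SF")):
                text = jar.read(entry).decode("utf-8", errors="replace")
                weak = digest_algorithms(text) & WEAK_DIGESTS
                if weak:
                    findings[entry] = sorted(weak)
    return findings

def sample_jar():
    """Constructed in-memory JAR: MD5 in the manifest, SHA-256 in the .SF file."""
    mf = "Manifest-Version: 1.0\r\n\r\nName: A.class\r\nMD5-Digest: AAAA\r\n\r\n"
    sf = "Signature-Version: 1.0\r\nSHA-256-Digest-Manifest: BBBB\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", mf)
        jar.writestr("META-INF/SIGNER.SF", sf)
    return buf.getvalue()
```

Calling `audit_jar(sample_jar())` reports the manifest's MD5 digests and leaves the SHA-256 `.SF` file unflagged.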