[Mono-dev] Proposal: Change SignCode default from MD5 to SHA1

Sebastien Pouliot sebastien.pouliot at gmail.com
Tue Dec 15 19:37:15 UTC 2015


There should not be any issues changing the default to SHA1, that was an
already tested configuration. However a change to SHA256 would require some
testing, as some constants might be missing (or did not even exists back in
2003 ;-).


On Tue, Dec 15, 2015 at 2:28 PM, Eric Lawrence <bayden at gmail.com> wrote:

> As far as I know, all systems that support MD5 Authenticode signatures
> also support SHA1 signatures, so breakage from this change seems quite
> unlikely.
> (Alas, this is not true of SHA256, which is only supported on modern
> versions of Windows, and not presently supported by signcode.exe at all).
> On Tue, Dec 15, 2015 at 1:12 PM, Alexander Köplinger <
> alexander.koeplinger at xamarin.com> wrote:
>> I like it. Does changing the default have any backwards compatibility
>> issues?
>> Looks like the default comes from
>> https://github.com/mono/mono/blob/b7a308f660de8174b64697a422abfc7315d07b8c/mcs/class/Mono.Security/Mono.Security.Authenticode/AuthenticodeFormatter.cs#L80 so
>> we’d need to decide if we should change it there or make a targeted fix
>> just for signcode.
>> - Alex
>> Am 15.12.2015 um 20:00 schrieb Eric Lawrence <bayden at gmail.com>:
>> (resend, as Miguel suggested I should join the list)
>> Today, the signcode application distributed with Mono defaults to using
>> MD5 for Authenticode signing. This has resulted in vulnerable signatures on
>> at least two broadly distributed projects (CoPilot and WordPress Desktop;
>> see http://textslashplain.com/2015/12/15/hashes-and-code-signing/).
>> MD5 signatures are dangerous because the collision attacks against MD5
>> get better and cheaper with each passing day, and any MD5 signature is
>> vulnerable to abuse for the lifetime of the signing certificate—the package
>> WordPress signed last week could be exploited until 11/21/2018 unless
>> Automattic is willing to revoke their signing certificate before that time
>> (costly).
>> SHA1 is considerably stronger than MD5 and signcode already supports it;
>> it just needs to be made default. The command line argument (-a md5) could
>> be used for anyone that really needs an MD5 signature for any reason.
>> Thanks for your consideration!
>> -Eric Lawrence
>> _______________________________________________
>> Mono-devel-list mailing list
>> Mono-devel-list at lists.ximian.com
>> http://lists.ximian.com/mailman/listinfo/mono-devel-list
> --
> Eric Lawrence
> Bayden Systems
> http://www.bayden.com
> _______________________________________________
> Mono-devel-list mailing list
> Mono-devel-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-devel-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ximian.com/pipermail/mono-devel-list/attachments/20151215/2d651eaa/attachment-0001.html>

More information about the Mono-devel-list mailing list