[Mono-dev] Proposal: Change SignCode default from MD5 to SHA1

Alexander Köplinger alexander.koeplinger at xamarin.com
Tue Dec 15 20:00:11 UTC 2015


Ok, there we go: https://github.com/mono/mono/pull/2350 <https://github.com/mono/mono/pull/2350>

- Alex

> Am 15.12.2015 um 20:37 schrieb Sebastien Pouliot <sebastien.pouliot at gmail.com>:
> 
> Hey,
> 
> There should not be any issues changing the default to SHA1, that was an already tested configuration. However a change to SHA256 would require some testing, as some constants might be missing (or did not even exists back in 2003 ;-).
> 
> Sebastien
> 
> On Tue, Dec 15, 2015 at 2:28 PM, Eric Lawrence <bayden at gmail.com <mailto:bayden at gmail.com>> wrote:
> As far as I know, all systems that support MD5 Authenticode signatures also support SHA1 signatures, so breakage from this change seems quite unlikely. 
> 
> (Alas, this is not true of SHA256, which is only supported on modern versions of Windows, and not presently supported by signcode.exe at all).
> 
> On Tue, Dec 15, 2015 at 1:12 PM, Alexander Köplinger <alexander.koeplinger at xamarin.com <mailto:alexander.koeplinger at xamarin.com>> wrote:
> I like it. Does changing the default have any backwards compatibility issues?
> 
> Looks like the default comes from https://github.com/mono/mono/blob/b7a308f660de8174b64697a422abfc7315d07b8c/mcs/class/Mono.Security/Mono.Security.Authenticode/AuthenticodeFormatter.cs#L80 <https://github.com/mono/mono/blob/b7a308f660de8174b64697a422abfc7315d07b8c/mcs/class/Mono.Security/Mono.Security.Authenticode/AuthenticodeFormatter.cs#L80> so we’d need to decide if we should change it there or make a targeted fix just for signcode.
> 
> - Alex
> 
>> Am 15.12.2015 um 20:00 schrieb Eric Lawrence <bayden at gmail.com <mailto:bayden at gmail.com>>:
>> 
>> (resend, as Miguel suggested I should join the list)
>> 
>> Today, the signcode application distributed with Mono defaults to using MD5 for Authenticode signing. This has resulted in vulnerable signatures on at least two broadly distributed projects (CoPilot and WordPress Desktop; see http://textslashplain.com/2015/12/15/hashes-and-code-signing/ <http://textslashplain.com/2015/12/15/hashes-and-code-signing/>).
>>  
>> MD5 signatures are dangerous because the collision attacks against MD5 get better and cheaper with each passing day, and any MD5 signature is vulnerable to abuse for the lifetime of the signing certificate—the package WordPress signed last week could be exploited until 11/21/2018 unless Automattic is willing to revoke their signing certificate before that time (costly).
>>  
>> SHA1 is considerably stronger than MD5 and signcode already supports it; it just needs to be made default. The command line argument (-a md5) could be used for anyone that really needs an MD5 signature for any reason.
>>  
>> Thanks for your consideration!
>>  
>> -Eric Lawrence
>> _______________________________________________
>> Mono-devel-list mailing list
>> Mono-devel-list at lists.ximian.com <mailto:Mono-devel-list at lists.ximian.com>
>> http://lists.ximian.com/mailman/listinfo/mono-devel-list <http://lists.ximian.com/mailman/listinfo/mono-devel-list>
> 
> 
> 
> 
> -- 
> Eric Lawrence
> Bayden Systems
> http://www.bayden.com <http://www.bayden.com/>
> _______________________________________________
> Mono-devel-list mailing list
> Mono-devel-list at lists.ximian.com <mailto:Mono-devel-list at lists.ximian.com>
> http://lists.ximian.com/mailman/listinfo/mono-devel-list <http://lists.ximian.com/mailman/listinfo/mono-devel-list>
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ximian.com/pipermail/mono-devel-list/attachments/20151215/93c2a07a/attachment.html>


More information about the Mono-devel-list mailing list