[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A couple of questions and concerns about Emacs network security
From: |
Perry E. Metzger |
Subject: |
Re: A couple of questions and concerns about Emacs network security |
Date: |
Thu, 5 Jul 2018 11:52:59 -0400 |
On Mon, 25 Jun 2018 19:33:49 +0200 Lars Ingebrigtsen <address@hidden>
wrote:
> Jimmy Yuen Ho Wong <address@hidden> writes:
>
> > It's all about collisions[1], it's mostly a precaution, as no one
> > has found an actual collistion for a cert yet, but Google has
> > found collision for PDF last year [2].
>
> Ah, OK, then the SHA1 intermediate check isn't that vital.
It is, actually. It's believed to be straightforward for national
actors to forge intermediate certificates at this point.
> (I think the PDF collision was a cheat, anyway, since they just
> generated a lot of binary junk in a non-parsed section of the
> PDF. :-) )
One of the rules in this game is attacks get better with time. Not
that long after the first certificational attacks on MD5, it was
discovered that parties unknown, generally thought to be nation-state
actors, had been forging signatures on Microsoft software updates
using MD5 collisions to enable what they were doing.
I would make sure that SHA-1 defenses are in place.
Perry
--
Perry E. Metzger address@hidden
- Re: A couple of questions and concerns about Emacs network security, (continued)
- Re: A couple of questions and concerns about Emacs network security, Stephen Berman, 2018/07/06
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/06
- Re: A couple of questions and concerns about Emacs network security, Stephen Berman, 2018/07/06
- Re: A couple of questions and concerns about Emacs network security, martin rudalics, 2018/07/07
- Re: A couple of questions and concerns about Emacs network security, Stephen Berman, 2018/07/07
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/07
- Re: A couple of questions and concerns about Emacs network security, Stephen Berman, 2018/07/07
- Re: A couple of questions and concerns about Emacs network security, martin rudalics, 2018/07/08
Re: A couple of questions and concerns about Emacs network security,
Perry E. Metzger <=
Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/05
Re: A couple of questions and concerns about Emacs network security, Noam Postavsky, 2018/07/05
Re: A couple of questions and concerns about Emacs network security, Perry E. Metzger, 2018/07/05