Re: Proposal: Remove MD5 / SHA1 support from veriexec

To: Sevan Janiyan <venture37%geeklan.co.uk@localhost>
Subject: Re: Proposal: Remove MD5 / SHA1 support from veriexec
From: Taylor R Campbell <campbell+netbsd-tech-security%mumble.net@localhost>
Date: Wed, 13 Sep 2017 21:26:55 +0000

> Date: Tue, 22 Aug 2017 00:12:19 +0100
> From: Sevan Janiyan <venture37%geeklan.co.uk@localhost>
> 
> Hello,
> As a two part process, I propose we remove the ability to generate
> signatures using SHA1/MD5 with veriexecgen as a part of NetBSD 8.
> Then in HEAD for NetBSD 9, we remove support for these hashes from the
> remaining components & kernel configuration files.
> 
> Part 1:
> http://www.netbsd.org/~sevan/patch-veriexecgen.txt
> 
> Part 2:
> http://www.netbsd.org/~sevan/patch-veriexec-nomd5-sha1.txt
> 
> Thoughts / objections?

LGTM (including removing RMD160 at the same time)

References:
- Proposal: Remove MD5 / SHA1 support from veriexec
  - From: Sevan Janiyan

Prev by Date: Re: Proposal: Remove MD5 / SHA1 support from veriexec
Next by Date: Re: Proposal: Remove MD5 / SHA1 support from veriexec
Previous by Thread: Re: Proposal: Remove MD5 / SHA1 support from veriexec
Next by Thread: NetBSD Security Advisory 2017-004: buffer overflow via cmap for 4 graphics drivers
Indexes:

Home | Main Index | Thread Index | Old Index