[PATCH 0/2] crypto: remove MD4 generic shash

Andrew Bartlett abartlet at samba.org
Thu Aug 19 05:23:30 UTC 2021

On Wed, 2021-08-18 at 22:18 -0700, Eric Biggers wrote:

> I'm not sure you understand how embarrassing it is to still be using
> these
> algorithms.  MD4 has been broken for over 25 years, and better
> algorithms have
> been recommended for 29 years.  Similarly MD5 has been broken for 16
> years and
> better algorithms have been recommended for 25 years (though granted,
> is more secure than plain MD5 when properly used).  Meanwhile SHA-2
> is 20 years
> old and is still considered secure.  So this isn't something that
> changes every
> month -- we're talking about no one bothering to do anything in 30
> years.
> Of course, if cryptography isn't actually applicable to the use case,
> then
> cryptography shouldn't be used at all.

I'm sorry that Samba - or the Kernel, you could implement whatever is
desired between cifs.ko and kcifsd -  hasn't gone it alone to build a
new peer-to-peer mechanism, but absent a Samba-only solution Microsoft
has been asked and has no intention of updating NTLM, so embarrassing
or otherwise this is how it is.

Thankfully only the HMAC-MD5 step in what you mention is
cryptographically significant, the rest are just very lossy compression

Andrew Bartlett

Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source

More information about the samba-technical mailing list