[PATCH 0/2] crypto: remove MD4 generic shash
Andrew Bartlett
abartlet at samba.org
Thu Aug 19 05:23:30 UTC 2021
On Wed, 2021-08-18 at 22:18 -0700, Eric Biggers wrote:
> I'm not sure you understand how embarrassing it is to still be using these
> algorithms. MD4 has been broken for over 25 years, and better algorithms
> have been recommended for 29 years. Similarly MD5 has been broken for 16
> years and better algorithms have been recommended for 25 years (though
> granted, HMAC-MD5 is more secure than plain MD5 when properly used).
> Meanwhile SHA-2 is 20 years old and is still considered secure. So this
> isn't something that changes every month -- we're talking about no one
> bothering to do anything in 30 years.
>
> Of course, if cryptography isn't actually applicable to the use case, then
> cryptography shouldn't be used at all.
I'm sorry that Samba - or the Kernel, you could implement whatever is
desired between cifs.ko and kcifsd - hasn't gone it alone to build a
new peer-to-peer mechanism, but absent a Samba-only solution Microsoft
has been asked and has no intention of updating NTLM, so embarrassing
or otherwise this is how it is.
Thankfully only the HMAC-MD5 step in what you mention is
cryptographically significant; the rest are just very lossy compression
algorithms.
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source Solutions
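The chain of operations the reply above refers to, as an added example that is not part of the post and is not Samba's or the kernel's code: the NTLMv2 computation as specified in MS-NLMP, with the MD4 step (the NT hash, NTOWFv1) and the HMAC-MD5 steps (NTOWFv2 and NTProofStr) laid out side by side so it is visible which stage merely compresses the password and which stage actually binds the response to the server challenge. MD4 is implemented in pure Python here because hashlib on OpenSSL 3 builds usually has it disabled, which is the same "nobody ships this any more" situation the patch series reacts to. The password, user name, domain, 8-byte server challenge and the client `temp` blob are constructed inputs; the `temp` blob is an opaque byte string standing in for the structured client-challenge blob.

```python
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF


def _rol(x: int, s: int) -> int:
    """Rotate a 32-bit word left by s bits (operands may exceed 32 bits)."""
    x &= MASK32
    return ((x << s) | (x >> (32 - s))) & MASK32


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4 in pure Python. Present only because the NT hash
    needs it and most current hashlib builds no longer expose it.
    Unkeyed and collision-broken; it is used below as a key-derivation
    step, not as a security primitive."""
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian

    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    r3_order = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)

    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for i in range(16):                           # round 1: X[0..15] in order
            a = _rol(a + f(b, c, d) + x[i], (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                           # round 2: X[0,4,8,12,1,5,...]
            k = (i % 4) * 4 + i // 4
            a = _rol(a + g(b, c, d) + x[k] + 0x5A827999, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                           # round 3: X[0,8,4,12,2,10,...]
            a = _rol(a + h(b, c, d) + x[r3_order[i]] + 0x6ED9EBA1,
                     (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        a, b, c, d = ((a + aa) & MASK32, (b + bb) & MASK32,
                      (c + cc) & MASK32, (d + dd) & MASK32)
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> bytes:
    """NTOWFv1: MD4 over the UTF-16LE password. No salt, no key, no
    challenge: a fixed 16-byte function of the password and nothing else."""
    return md4(password.encode("utf-16-le"))


def ntlmv2_key(nt: bytes, user: str, domain: str) -> bytes:
    """NTOWFv2: HMAC-MD5 keyed with the NT hash over the upper-cased user
    name followed by the domain, both UTF-16LE."""
    return hmac.new(nt, (user.upper() + domain).encode("utf-16-le"),
                    hashlib.md5).digest()


def ntlmv2_proof(key: bytes, server_challenge: bytes, temp: bytes) -> bytes:
    """NTProofStr: HMAC-MD5 keyed with NTOWFv2 over the 8-byte server
    challenge followed by the client's temp blob. This is the one step
    that ties the response to this particular exchange."""
    if len(server_challenge) != 8:
        raise ValueError("NTLM server challenge is exactly 8 bytes")
    return hmac.new(key, server_challenge + temp, hashlib.md5).digest()


def ntlmv2_response(password: str, user: str, domain: str,
                    server_challenge: bytes, temp: bytes) -> bytes:
    """NTLMv2_RESPONSE payload: NTProofStr || temp."""
    key = ntlmv2_key(nt_hash(password), user, domain)
    return ntlmv2_proof(key, server_challenge, temp) + temp


# Constructed sample inputs (not from the thread). "password" is used so the
# MD4 step can be checked against its widely published NT hash.
CHALLENGE = bytes.fromhex("0123456789abcdef")
TEMP = (bytes.fromhex("0101000000000000") + b"\x00" * 8
        + bytes(range(8)) + b"\x00" * 4)

if __name__ == "__main__":
    print("MD4('')             ", md4(b"").hex())
    print("NT hash('password') ", nt_hash("password").hex())
    print("NTLMv2 response     ",
          ntlmv2_response("password", "user", "DOMAIN", CHALLENGE, TEMP).hex())
```

Two things to notice when reading it. `ntlmv2_key` and `ntlmv2_proof` take the 16-byte NT hash, not the password: once MD4 has run, the rest of the protocol never needs the password again, which is why the reply calls that step compression rather than cryptography. The server challenge enters only in `ntlmv2_proof`, so HMAC-MD5 is the step whose strength decides whether a captured response can be replayed, and that is the step a replacement algorithm would have to be negotiated for.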