[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[mpop-users] support SHA-2 and SHA-3



Currently, mpop(1) sais for tls_fingerprint:

The fingerprint can be either an SHA1 (recommended) or an MD5 fingerprint in the format 01:23:45:67:....

MD5 has been broken since 2008:

Software developers, Certification Authorities, website owners, and users should avoid using the MD5 algorithm in any capacity. As previous research has demonstrated, it should be considered cryptographically broken and unsuitable for further use.

https://www.win.tue.nl/hashclash/rogue-ca/

SHA-1 is also showing its age:

SHA-1 is no longer considered secure against well-funded opponents. In 2005, cryptanalysts found attacks on SHA-1 suggesting that the algorithm might not be secure enough for ongoing use, and since 2010 many organizations have recommended its replacement by SHA-2 or SHA-3. Microsoft, Google and Mozilla have all announced that their respective browsers will stop accepting SHA-1 SSL certificates by 2017.

https://en.wikipedia.org/wiki/SHA-1

Currently, trying to use a SHA-256-fingerprint in mpop/msmtp results in an error:

mpop: /home/XXX/.mpoprc: line XX: invalid argument 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 for command

I propose to:

- implement support for SHA-2 with its six hash functions
- implement support for SHA-3
- drop support for MD5

Thanks, and keep up the awesome work!

--
ilf

Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
		-- Eine Initiative des Bundesamtes für Tastaturbenutzung

Attachment: signature.asc
Description: Digital signature