Bug 63995 - app-admin/skey-1.1.5-r2: change of MD5 back to MD4
Bug#: 63995 Product:  Gentoo Linux Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: minor Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: ulm@gentoo.org
Component: Security
URL: 
Summary: app-admin/skey-1.1.5-r2: change of MD5 back to MD4
Keywords:  
Status Whiteboard: B4 [glsa?]
Opened: 2004-09-14 07:12 0000
Description:   Opened: 2004-09-14 07:12 0000 
I was wondering about the change of the default algorithm used
by S/Key introduced in version 1.1.5-r1: The algorithm used in
vanilla 1.1.5 is MD5, and that is what is suggested as the default
in RFC 2289, while MD4 is now purely optional:

| All conforming implementations of both server and generators MUST
| support MD5. They SHOULD support SHA and MAY also support MD4.

Now in -r1 (and still in -r2) the patch by skey-1.1.5-gentoo.diff
changes that default from MD5 (back?) to MD4.

I wonder if this isn't a step in the wrong direction, considering
RFC 2289 and <http://www.rsasecurity.com/rsalabs/node.asp?id=2253>:

| Dobbertin [Dob 95] has shown how collisions for the full version of
| MD4 can be found in under a minute on a typical PC. In recent work,
| Dobbertin (Fast Software Encryption, 1998) has shown that a reduced
| version of MD4 in which the third round of the compression function
| is not executed but everything else remains the same, is not
| one-way. Clearly, MD4 should now be considered broken.

------- Comment #1 From Thierry Carrez (RETIRED) 2004-09-14 07:20:37 0000 ------- 
Tavis, please comment, as you were the one that committed the changes in -r1
about... 1 year ago :)

------- Comment #2 From Tavis Ormandy (RETIRED) 2004-09-14 07:50:47 0000 ------- 
I had completely forgotten about this, I think it was the reporter who emailed
a few months ago about it. He's quite correct, the default should be changed to
md5. it's a simple fix, and app-admin/skey-1.1.5-r3 includes it.

------- Comment #3 From Thierry Carrez (RETIRED) 2004-09-14 08:20:49 0000 ------- 
Does everyone agree with me it should be closed without GLSA ?

------- Comment #4 From Thierry Carrez (RETIRED) 2004-09-14 08:31:22 0000 ------- 
Ebuild should be stable before this is closed.

Target keywords : x86 ppc sparc mips alpha arm hppa amd64 ia64 s390 ppc64
Arches please test app-admin/skey-1.1.5-r3 and mark stable.

------- Comment #5 From Guy Martin 2004-09-14 08:47:00 0000 ------- 
Done on hppa.

------- Comment #6 From Olivier Crete 2004-09-14 16:12:14 0000 ------- 
stable on x86
btw repoman reminds us that app-admin/skey/files/skey-1.1.5-gentoo.diff.gz is 37k.. that is bigger than 20k..

------- Comment #7 From Pieter Van den Abeele 2004-09-14 17:29:34 0000 ------- 
stable on ppc

------- Comment #8 From Jason Wever (RETIRED) 2004-09-15 05:14:38 0000 ------- 
Stable on sparc

------- Comment #9 From Bryan Østergaard (RETIRED) 2004-09-15 17:34:17 0000 ------- 
Stable on alpha.

------- Comment #10 From SpanKY 2004-09-19 17:53:52 0000 ------- 
only s390 left ...

------- Comment #11 From Thierry Carrez (RETIRED) 2004-09-20 05:43:14 0000 ------- 
Closing without GLSA

------- Comment #12 From SpanKY 2004-09-22 20:51:06 0000 ------- 
s390 is done