Why support ancient broken algorithms

Posted Oct 15, 2024 18:16 UTC (Tue) by raven667 (subscriber, #5198)
In reply to: Why support ancient broken algorithms by wittenberg
Parent article: LibreSSL 4.0.0 released

There still exists MD5 out in the wild, in historical systems/data or just very old but live systems, so the implementation still needs to exist even if it's not used for anything new, and crypto-policies or equivalent prevent its use by default. If the code needs to exist then it needs to be maintained, which may involve cleanup to work error-free with current compilers/libraries, to match changes to style in other internal libraries, etc.



Why support ancient broken algorithms

Posted Oct 16, 2024 15:14 UTC (Wed) by wittenberg (subscriber, #4473)

One has to consider the cost that supporting old standards (particularly in crypto) imposes. In addition to the obvious work, more code means a larger attack surface, and in the case of crypto algorithms makes "Poodle" style attacks easier. This decreases security for everyone. At what point does one simply say "that's too old"? There are still people riding horses, but we no longer have street sweepers cleaning up manure on the street.

I can see a case for MD5, but MD4 was already completely broken in the mid-1990s (i.e., since about the time CD-ROMs started to show up). That strikes me as too outdated to support.

--David

Why support ancient broken algorithms

Posted Oct 16, 2024 20:09 UTC (Wed) by ballombe (subscriber, #9523)

According to the Wikipedia MD4 article:
MD4 is used to compute NTLM password-derived key digests on Microsoft Windows NT, XP, Vista, 7, 8, 10 and 11.

Why support ancient broken algorithms

Posted Oct 16, 2024 21:01 UTC (Wed) by wahern (subscriber, #37304)

MD4 is used by the unfortunately still common legacy protocol MS-CHAPv2. And MS-CHAPv2 is used for, among other things, PPTP username authentication in IKEv1+PPTP VPNs. MS-CHAPv2 is also commonly used in IKEv2 VPNs, alongside EAP-MD5, for username-based authentication setups. Yes, MS-CHAPv2 is completely broken, and EAP-MD5 isn't great, either, but that doesn't matter much in these cases. For IPsec-based VPNs the real security is provided by the separate, outer IKE authentication and IPSec encryption, so they're similar (ignoring salting issues) to plaintext passwords over encrypted channels. Moreover, these passwords are often generated and distributed per user for this specific service, in which cases general login account passwords aren't being put at risk. Strictly speaking there are better options, such as peer certificates, but for various reasons--interoperability, configuration convenience, know-how... basically the same reasons password-based authentication remains sticky elsewhere--these particular authentication setups remain very common.
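An added illustration (not from any commenter in this thread) of the dependency ballombe and wahern describe: the NT hash that NTLM and MS-CHAPv2 build on is simply MD4 over the UTF-16LE encoding of the password, so a library that drops MD4 can no longer validate or interoperate with those credentials. The MD4 below is a pure-Python transcription of RFC 1320 written for this example, so it runs even where the system OpenSSL keeps MD4 out of the default provider; the test vectors are the RFC's own.

```python
import struct

MASK = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    """Rotate a 32-bit word left by n bits."""
    x &= MASK
    return ((x << n) | (x >> (32 - n))) & MASK


# Round function, message-word order, per-step shifts and additive constant
# for each of the three MD4 rounds (RFC 1320, section 3.4).
_ROUNDS = (
    (lambda x, y, z: (x & y) | (~x & z), tuple(range(16)), (3, 7, 11, 19), 0),
    (lambda x, y, z: (x & y) | (x & z) | (y & z),
     (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13), 0x5A827999),
    (lambda x, y, z: x ^ y ^ z,
     (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15), 0x6ED9EBA1),
)


def md4(data: bytes) -> bytes:
    """MD4 digest per RFC 1320 (pure Python; OpenSSL 3 ships MD4 only in its
    non-default 'legacy' provider, so hashlib.new('md4') may be unavailable)."""
    # Padding: 0x80, zeros up to 56 mod 64, then the 64-bit little-endian bit length.
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        w = struct.unpack("<16I", msg[off:off + 64])  # 16 little-endian words
        s = state[:]
        for fn, order, shifts, k in _ROUNDS:
            for i, idx in enumerate(order):
                # Step i rewrites register (-i mod 4); the other three feed fn.
                ai = (-i) % 4
                a, b, c, d = (s[(ai + j) % 4] for j in range(4))
                s[ai] = _rotl(a + fn(b, c, d) + w[idx] + k, shifts[i % 4])
        state = [(u + v) & MASK for u, v in zip(state, s)]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> bytes:
    """NT hash as used by NTLM and MS-CHAPv2: MD4 over the UTF-16LE password."""
    return md4(password.encode("utf-16-le"))
```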

Why support ancient broken algorithms

Posted Oct 16, 2024 15:49 UTC (Wed) by Cyberax (✭ supporter ✭, #52523)

MD5 is sometimes used as a data integrity checksum rather than for cryptographic purposes.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds