List: openvas-development
Subject: Re: [Openvas-devel] Hardening OpenVAS's crypto implementation
From: "Jan-Oliver Wagner" <Jan-Oliver.Wagner () greenbone ! net>
Date: 2009-08-25 10:30:45
Message-ID: 200908251230.45977.Jan-Oliver.Wagner () greenbone ! net
On Friday, 21 August 2009, Tim Brown wrote:
> I've been having a look at how OpenVAS currently does crypto (primarily around
> the client/server SSL and plugin validation) and it strikes me that we have a
> significant over-reliance on MD5 both for validating certificates and for
> validating plugins. For those of you that may not be aware MD5 is subject to
> significant collision attacks[1] that make it unsuitable for such purposes.
>
> Changing how we validate plugins may require changes to the protocol and
> should therefore be formalised in a change request, however in the meantime,
> I would like to change how certificates are handled as soon as can reasonably
> be done and am interested in your opinions on this.
Can you detail the proposed changes for the meantime a bit more?
Best
Jan
--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Managing Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner