From Fedora Project Wiki

Revision as of 11:03, 21 April 2022 by Asosedkin (talk | contribs) (Draft the initial version of SHA1SignaturesGuidance)

SHA-1 signatures guidance

Don't

Your go-to decision with regard to SHA-1 signatures should be "do not operate on them": they are no longer cryptographically secure, and neither is anything else that relies on SHA-1 collision resistance. Do not verify them, and definitely do not create them. Instead, migrate to more modern cryptographic algorithms in time for StrongCryptoSettings3.

But it's not an option for my component

Please start a discussion upstream and make it an option.

We're migrating from SHA-1 already but we need more time

The world is slow. RFCs lag behind realities, implementations lag behind RFCs, deployments lag behind code, et cetera.

If distrusting SHA-1 by Fedora 38 is not an option for your component, a Fedora-specific workaround might be added, conditioned on two things:

1. SHA-1 signatures MUST NOT be trusted by default.

The user must explicitly opt into performing the requested cryptographically weak operation, and the insecurity of the operation must be conveyed to them in no uncertain terms. Do not use the workaround unconditionally.

2. Any component using the workaround to verify SHA-1 signatures must be added to the WeakCryptographyException list, describing the explicit opt-in procedure and linking to the ongoing effort to migrate from SHA-1.

TODO: describe workaround itself.

When in doubt, contact the Fedora security team: https://lists.fedoraproject.org/admin/lists/security.lists.fedoraproject.org