https://bugzilla.novell.com/show_bug.cgi?id=894783
https://bugzilla.novell.com/show_bug.cgi?id=894783#c0
Summary: CA management: Sign Request: Don't use sequential serial numbers Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: All OS/Version: All Status: NEW Severity: Enhancement Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: Ulrich.Windl@rz.uni-regensburg.de QAContact: jsrain@suse.com Found By: --- Blocker: ---
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0
(In openssl tradition certificates use sequential serial numbers) YaST's certificate signing function uses sequential serial numbers to issue (sign) certificates (like 01, 02, 03, ... 09, 0A, 0B, ...) Due to some weaknesses in SHA-1, there's a recommendation to use serial numbers with a higher entropy. See https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/ElekSignatur/BSI_SHA1_Ze... (German): ---BEGIN quote--- Kollisionsangriffe gegen die Zertifikaterstellung mit SHA-1 können von vornherein verhindert werden, wenn folgendes gilt: 1) Es wird das X.509v3 Format gemäß ISIS-MTT verwendet. 2) Die Seriennummer ("serialNumber") des Zertifikats hat eine genügend hohe Entropie h für den Angreifer. D.h. die Unsicherheit des Angreifers über die Seriennummer eines zu erstellenden Zertifikats ist mindestens h Bits. (...) ---END quote---
Reproducible: Always
Steps to Reproduce: 1. Sign a certificate request (CSR) in YaST's CA management
Actual Results: The certificate gets a serial number that can easily be guessed
Expected Results: The serial number should not be easy to guess
See also http://www.heise.de/security/meldung/Fragwuerdige-Hash-Funktion-SHA-1-immer-... (German)
https://bugzilla.novell.com/show_bug.cgi?id=894783
https://bugzilla.novell.com/show_bug.cgi?id=894783#c1
Bernhard Wiedemann bwiedemann@suse.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |bwiedemann@suse.com, | |meissner@suse.com AssignedTo|bnc-team-screening@forge.pr |mc@suse.com |ovo.novell.com |
--- Comment #1 from Bernhard Wiedemann bwiedemann@suse.com 2014-09-07 14:03:05 CEST --- IMHO, it would be easier+better to switch to another hash function instead
https://bugzilla.novell.com/show_bug.cgi?id=894783
https://bugzilla.novell.com/show_bug.cgi?id=894783#c2
--- Comment #2 from Marcus Meissner meissner@suse.com 2014-09-07 15:52:36 UTC --- yes, sha1 should not be used here anymore, sha256 seems to be current mostly used function
https://bugzilla.novell.com/show_bug.cgi?id=894783
https://bugzilla.novell.com/show_bug.cgi?id=894783#c3
Michael Calmer mc@suse.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX
--- Comment #3 from Michael Calmer mc@suse.com 2014-09-09 10:52:22 CEST --- openSUSE 13.2 uses sha256 by default. But I will not fix it for this old openSUSE version. So closed as wontfix (for this version)
http://bugzilla.novell.com/show_bug.cgi?id=894783 http://bugzilla.novell.com/show_bug.cgi?id=894783#c6
Michael Calmer mc@suse.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution|--- |WONTFIX
--- Comment #6 from Michael Calmer mc@suse.com --- Dropped. Will not be changed for old versions.
http://bugzilla.novell.com/show_bug.cgi?id=894783 http://bugzilla.novell.com/show_bug.cgi?id=894783#c7
--- Comment #7 from Michael Calmer mc@suse.com --- Dropped. Will not be changed for old versions.