Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20240926191139.GA9140@openwall.com>
Date: Thu, 26 Sep 2024 21:11:39 +0200
From: Solar Designer <solar@...nwall.com>
To: LinkinStar <linkinstar@...che.org>
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses

Hi LinkinStar,

There were several more replies from others, please see in the list
archive if you're not subscribed:

https://www.openwall.com/lists/oss-security/

On Thu, Sep 26, 2024 at 10:10:38AM +0800, LinkinStar wrote:
> Because *Gravatar recommends using sha-256*, we believe there must be a
> reason for its modification. Since the official recommendation is to change
> the encryption method, why not implement it according to the official
> requirements? You must admit that sha-256 is more difficult than md5, even
> if only slightly. Although this may not completely solve the problem, I
> believe following the official recommendation would be marginally better,
> wouldn't it? So I think this fix itself is acceptable.

The change is fine - just don't call it a security fix.  Also, this is
hashing and not encryption.

Others pointed out that Gravatar's recommendation is just that - not a
specification - so unless you need interoperability with other servers
implementing Gravatar, you can do better than SHA-256.  Specifically,
use of a keyed hash such as HMAC-SHA256 was suggested and makes sense to
me - as long as the key is generated from a CSPRNG (such as
/dev/urandom) and is large enough (such as 32 bytes).

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.