https://lore.kernel.org/linux-
crypto/[email protected]/T/#t
** Description changed:
- Signatures are smaller, and do not use problematic RSA-PKCS#1.5 padding.
+ Currently we use RSA + SHA2-512 for signing.
- (SHA-2 standard) SHA512 is also very problematic, because it has no
- protection against length extension attacks anymore.
-
- Upgrade to SHA3-512 as used by snap assertions, and is of the same
- length & same security bits as current scheme.
+ Consider switching to RSA + SHA3-512 for improved security
** Changed in: linux (Ubuntu)
Status: Incomplete => Triaged
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2037741
Title:
Improve kernel module signing strength
Status in linux package in Ubuntu:
Triaged
Bug description:
Currently we use RSA + SHA2-512 for signing.
Consider switching to RSA + SHA3-512 for improved security
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2037741/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
