I concur with your "TLS", but wanted to add some context from oss-security responses i got for
Derek Martin wrote in <[email protected]>: ... |However, a better question is, should Mutt support CRAM-MD5 *at all*? |MD5 is broken and hence no longer used for authentication on any |modern system. Unless IMAP4/SASL can't work without it (which I don't |know, but that would surprise me) then probably what should actually |happen here is that CRAM-MD5 support should be compiled out entirely |by default, and only compiled in if the user configures it expressly, |with ample documentation in the configure script help that you really |shouldn't be using that... I got responses like Clemens Lang, in [email protected] TLS < 1.2 only supports a single signature algorithm, which uses SHA1-MD5 as digest. Only TLS >= 1.2 supports the signature_algorithms extension to negotiate modern digests. MD-5 is fully broken. SHA-1 is questionable. Their combination may withstand attacks a little bit longer, but probably not by much. The MAC is actually fine, since it’s HMAC with SHA-1, which isn’t as affected by a SHA-1 collision attack [1]. [1]: https://security.stackexchange.com/questions/187866/why-aren-t-collisions-important-with-hmac and Peter Gutmann in me0p300mb0713b2849acb451acdc81707ee...@me0p300mb0713.ausp300.prod.outlook.com It's not just hard, for TLS it's pretty much impossible. The collision attacks against SHA-1 have been chosen-prefix and very much offline which you can't do with TLS. Even then, it's only the handshake which uses SHA-1, the rest uses HMAC-SHA1 which, even for MD5, is still secure. Finally, TLS < 1.2 uses MD5+SHA1 in combination, which no-one has found an actual attack on yet. So in this case TLS 1.2 is actually weaker than TLS 1.1. There's also the issue I cover in: http://www.cs.auckland.ac.nz/~pgut001/pubs/bollocks.pdf which is really about quantum cryptanalysis but also covers other attack types. His PDF is probably of interest for you. Never mind the bollocks. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
