[mpeg-OTspec] MD5 is no more considered secure
Daniel Strebe
dstrebe at adobe.com
Thu Dec 17 22:49:45 CET 2009
And a large part of the utility of MD5 hashes is to detect corruption from file system or file transmission, a faculty left intact even if security is not. Still, would it not be prudent to provide for stronger security? (Particularly since font viruses have already been demonstrated!) For example, any font with a more secure hashing scheme would also be required to supply the MD5 DSIG. This leaves existing implementations functional, since unknown SFNT tables generally get ignored.
The problem here is that (legitimate) software that modifies fonts but is not aware of the more secure hashing scheme would then end up writing a font with incompatible strong and weak hashes because the strong hash would not have got updated to reflect the changes in the font. But software that leaves in places tables it does not understand when modifying fonts is just asking for trouble anyway, since the unknown table could refer to information in tables that got modified.
Regards,
- daan Strebe
Senior Computer Scientist
Adobe Systems Incorporated
On 09/12/17 13:09, "Levantovsky, Vladimir" <vladimir.levantovsky at monotypeimaging.com> wrote:
DSIG is an optional table in the OT/OFF font, the primary reason for its inclusion is to provide a certain level of assurance that the font file has not been tampered with. Even though MD5 may no longer be considered secure, I am not sure if the security in its strict sense would be required and/or necessary here. However, any changes to this part may (and probably will) affect many existing implementations.
Regards,
Vlad
> -----Original Message-----
> From: mpeg-OTspec at yahoogroups.com <mailto:mpeg-OTspec%40yahoogroups.com> [mailto:mpeg-OTspec at yahoogroups.com <mailto:mpeg-OTspec%40yahoogroups.com> ]
> On Behalf Of Manlio Perillo
> Sent: Thursday, December 17, 2009 11:47 AM
> To: mpeg-OTspec at yahoogroups.com <mailto:mpeg-OTspec%40yahoogroups.com>
> Cc: opentype-migration-list at indx.co.uk <mailto:opentype-migration-list%40indx.co.uk>
> Subject: [mpeg-OTspec] MD5 is no more considered secure
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi.
>
> In the specification for the DSIG table, page 90 in the Open Font
> Format
> specification, there is this item:
>
> 2. Hash the full stream of bytes using a secure one-way hash (such as
> MD5) to create the content dig
>
>
> Well, MD5 is *no more* considered secure:
> http://en.wikipedia.org/wiki/MD5
>
>
> Although MD5 is used just as an example, I propose that the text of the
> specification should be changed, and another hash algorithm used.
>
>
> Regards Manlio
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAksqYGcACgkQscQJ24LbaUTOCACcDoKRAOv1jXdUkv6Q9jKDFy+F
> fcoAoJhLY9OhkAXZ0+U5zBtFEHceD5sI
> =bqdx
> -----END PGP SIGNATURE-----
>
>
> ------------------------------------
>
> Yahoo! Groups Links
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.aau.at/pipermail/mpeg-otspec/attachments/20091217/237c40fe/attachment.html>
More information about the mpeg-otspec
mailing list