[mpeg-OTspec] MD5 is no more considered secure

Manlio Perillo manlio.perillo at gmail.com
Sat Dec 19 23:38:02 CET 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Levantovsky, Vladimir ha scritto:

First of all, I would like to add some other considerations.

The OFF specification states:
"The format identifier specifies both the format of the signature
object, as well as the hashing algorithm used to
create and authenticate the signature. Currently only one format is
defined. Format 1 supports PKCS#7
signatures with X.509 certificates and counter-signatures, as these
signatures have been standardized for use
by the W3C with the participation of numerous software developers."

Does this means that only a fixed number of hash algorithms can be used?
Where are these algorithms specified?

The OFF specification uses MD5 **as an example**, and the PKCS#7
specification uses MD2 and MD5 **as an example**.

However, a signature can use whatever digest algorithm, as far as I can
understand.

This means that, in my opinion, the text of the OFF specification is not
correct, since the "format identifier" **does not** specifies the "hash
algorithm used to create and authenticate the signature.
This is specified inside the signature.

> DSIG is an optional table in the OT/OFF font, the primary reason 
> for its inclusion is to provide a certain level of assurance that
> the font file has not been tampered with. Even though MD5 may no
> longer be considered secure, I am not sure if the security in its
> strict sense would be required and/or necessary here. However, any
> changes to this part may (and probably will) affect many existing
> implementations.

First of all, I was assuming that in a OFF font it is possible to use
any of the known hash algorithms, like SHA-1, and so on.

If my assumption is wrong, and only MD5 can be used, then the text in
the OFF specification should be changed, since MD5 is no more considered
secure. As an example, a warning about this should be added.

If my assumpion is correct, then MD5 is just as an example; however the
text needs to be changed since the "secure one-way hash (such as MD5)"
is in contradiction (you want a secure one way hash, but MD5 is no more
considered secure).

If the OFF specification wants to suggest a secure one-way hash
algorithm, it should suggest SHA-1.


> [...]



Regards  Manlio
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkstVcoACgkQscQJ24LbaURbBwCfdGgRinrX508sq8NhTTRImEnF
hrYAniQlJiUhy9A4xTDdk5AORyAgGx9d
=Ho2D
-----END PGP SIGNATURE-----

More information about the mpeg-otspec mailing list