Feature #18272

closed

Please replace unsafe SHA1 with another digest algorithm

Added by pvalena (Pavel Valena) over 2 years ago. Updated over 2 years ago.

Status: Third Party's Issue
Assignee: -
Target version: -
[ruby-core:105823]

Description

Context

When working on a new version of RHEL (with Ruby 3.0), the requirement is to have better security (remove unsafe digests or limit their use to non-security purposes). This would be achieved with using OpenSSL 3.0 as well, which will have a raised security level by default, forbidding the use of unsafe digests.

Issue

SHA-1 does not conform to the security requirements, and its replacement would be preferred.
A quote from the discussion (the Bug is marked as internal):

SHA-1 is still possible to use for non-security use cases, but we should try to prevent its use for signatures if possible. Python took the approach of preventing this using the non-mandatory argument usedforsecurity=True to the constructor, which lets programmers indicate their intention explicitly and policy-makers verify that no SHA1 is used in a security context. [1]

[1] https://docs.python.org/3/library/hashlib.html#hashlib.new

Question

AFAICT in Ruby it is used for non-security purposes only. Could you confirm that?

Possible solution

The use for non-security purposes might be indicated with setting an internal variable, which would allow the use of SHA-1 (although forbidden via OpenSSL setting). Do you think this would be possible?

Additional information

The failing tests upon SHA-1 removal in Ruby 3.0.2: https://gist.github.com/pvalena/9a053c5585329b595e2bff504198eba5
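One way to express the "indicate non-security use" idea from the description in Ruby, mirroring Python's `usedforsecurity` flag on top of `OpenSSL::Digest`. This is an added example, not code from this ticket, Ruby, RubyGems or Bundler; `LEGACY_DIGESTS`, `digest_new` and `clone_cache_key` are assumed names, and the path-hashing use is modelled on the Bundler/RubyGems case mentioned in the thread.

```ruby
require "openssl"

# Digests a hardened crypto policy (e.g. an OpenSSL 3 security level) may
# refuse for signature or other security use. Assumed list for this example.
LEGACY_DIGESTS = %w[MD5 SHA1 RIPEMD160].freeze

class LegacyDigestError < ArgumentError; end

# Counterpart of Python's hashlib usedforsecurity= argument.
#   usedforsecurity: true  -> legacy digests are refused before OpenSSL is asked
#   usedforsecurity: false -> caller declares a non-security use (cache keys,
#                             path hashing); allowed if this OpenSSL provides it
# Returns an OpenSSL::Digest, or nil when the system OpenSSL (or its policy)
# does not provide the algorithm at all.
def digest_new(name, usedforsecurity: true)
  canon = name.to_s.upcase.delete("-")
  if usedforsecurity && LEGACY_DIGESTS.include?(canon)
    raise LegacyDigestError,
          "#{name} refused for security use; pass usedforsecurity: false " \
          "only for non-security purposes"
  end
  begin
    OpenSSL::Digest.new(name)
  rescue RuntimeError, OpenSSL::Digest::DigestError
    nil # "Unsupported digest algorithm": disabled or absent in this build
  end
end

# Non-security use from the thread: hashing a path into a cache key.
# The algorithm is recorded in the key so a later migration to SHA-256
# (which the thread notes is not backwards compatible) can be detected.
def clone_cache_key(path)
  %w[SHA1 SHA256].each do |algo|
    d = digest_new(algo, usedforsecurity: false)
    return "#{algo.downcase}:#{d.hexdigest(path)}" if d
  end
  raise "no usable digest available"
end

if $PROGRAM_NAME == __FILE__
  puts clone_cache_key("https://example.invalid/org/repo.git") # constructed input
  begin
    digest_new("SHA1") # default: security use, so this is refused
  rescue LegacyDigestError => e
    puts "refused: #{e.message}"
  end
end
```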


Related issues 1 (0 open, 1 closed)

Related to Ruby master - Bug #18356: Please replace use of unsafe MD5 with another digest algorithm (Third Party's Issue)

Updated by hsbt (Hiroshi SHIBATA) over 2 years ago

  • Tracker changed from Misc to Feature

Updated by retro (Josef Šimánek) over 2 years ago

AFAIK SHA-1 is used in Bundler/RubyGems only to hash filepath for gem clones and could be replaced in the future. It was recently vendored in bundler and could be vendored into RubyGems as well.

It can be changed to a different hashing algorithm, but it will not be backwards compatible and a proper migration plan should be prepared first.

Updated by jeremyevans0 (Jeremy Evans) over 2 years ago

We still support digest/md5 and digest/rmd160, and I doubt those are more secure than SHA-1. If the operating system OpenSSL doesn't include support for old digests, then Ruby's openssl extension will not either (though the digest extension may).

I don't think Ruby should remove old digests, simply because they can be used improperly. There are proper uses. For example, using MD5 or SHA1 as the digest for an HMAC is still considered secure as far as I know. I'm fine updating the documentation to recommend against direct use of old digests for cryptographic purposes. I'm also fine updating the test suite so it passes if old digests are removed, by skipping the related tests.

Updated by shyouhei (Shyouhei Urabe) over 2 years ago

+1 to replacing unsafe uses of SHA-1, if any, with something more secure. That shall be a good thing.

-1 for its removal.


Updated by nobu (Nobuyoshi Nakada) over 2 years ago

  • Status changed from Open to Third Party's Issue

Updated by pvalena (Pavel Valena) over 2 years ago

Another suggestion from our internal discussion:

SHA1 should work for you, though it would be better if you could switch to EVP API from old SHA* API, if you by chance still use it.

Updated by nobu (Nobuyoshi Nakada) over 2 years ago

  • Related to Bug #18356: Please replace use of unsafe MD5 with another digest algorithm added

Updated by byroot (Jean Boussier) over 2 years ago

I went over the stdlib and there's no use of Digest::SHA1 whatsoever. All the matches are from rubygems/bundler.

So I'm of the opinion this should be closed as third party issue.
