[openssl-dev] [RFC] enc utility & under-documented behavior changes: improving backward compatibility
Matt Caswell
matt at openssl.org
Wed Oct 4 09:39:03 UTC 2017
On 03/10/17 18:51, Robin H. Johnson wrote:
> On Tue, Oct 03, 2017 at 09:45:43AM +0200, Tomas Mraz wrote:
>> On Tue, 2017-10-03 at 08:23 +0100, Matt Caswell wrote:
>>>
>>>> 1.2. This also opens the path to stronger key derivation (PBKDF2)
>>>> 2. During decryption, if no header block is present, and no message
>>>> digest was specified, the default digest SHOULD be MD5.
>>>
>>> Should it? What about compatibility with OpenSSL 1.1.0? We cannot
>>> make
>>> breaking changes in 1.1.1, so it has to be compatible with 1.1.0.
>> Yeah, the ship has sailed. SHA-256 should be used by default as in
>> 1.1.0.
> It's a breaking change from 1.0.
As Tomas said - that ship has sailed. In my mind that change was a
mistake. It could have been done in a non-breaking way by introducing a
new header format at that time. That way if the header was not present
then we would have known to use MD5 - otherwise use the hash as
specified in the header. But its too late now. Breaking it again back to
what it was before is the wrong answer.
> At the very least, it should be added to the big notes:
> https://www.openssl.org/news/openssl-1.1.0-notes.html
> (this was in fact the first place I looked when my data was broken,
> there was nothing about the enc tool here).
Well in fact it is there:
*) Changed default digest for the dgst and enc commands from MD5 to
sha256
[Rich Salz]
Perhaps that is a little brief - it doesn't really explain the
implications of the change.
Matt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 480 bytes
Desc: OpenPGP digital signature
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20171004/d3e0be07/attachment.sig>
More information about the openssl-dev
mailing list