Hey Lukas, For clarity can you post the relevant jira issues that are relevant? I have these in my watch list: * https://jira.mariadb.org/browse/MDEV-12701 * https://jira.mariadb.org/browse/MDEV-12160 * https://jira.mariadb.org/browse/MDEV-16503 Thanks, Eliezer ---- Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1ltd@gmail.com <mailto:ngtech1ltd@gmail.com> Zoom: Coming soon From: Maria-discuss <maria-discuss-bounces+ngtech1ltd=gmail.com@lists.launchpad.net> On Behalf Of Lukas Javorsky Sent: Monday, March 22, 2021 1:28 PM To: Sergei Golubchik <serg@mariadb.org> Cc: maria-discuss@lists.launchpad.net Subject: Re: [Maria-discuss] Is it possible to upgrade SHA-1 and MD5 algorithms in Mariadb-10.5? Hi Sergei, I'm going to create the feature requests as you mentioned.
Neither password hashing nor certificate fingerprinting, as far as I can
see, use MD5.
Yes, I know, that's why I used "OR". I was just double checking. SHA-1 is used though. However, we don't just have the checkbox for this. The computing power is really skyrocketing every year, and we should be prepared rather than waiting for it. That's why we are doing extra steps to prevent any security issues that may be caused by weak algorithms. And since MariaDB is pretty big and widely used software we need to protect our customers against these types of attacks. I will try to provide as many information as I can in the following feature requests at jira.mariadb.com <http://jira.mariadb.com> Thank you Lukas On Fri, Mar 19, 2021 at 2:11 PM Sergei Golubchik <serg@mariadb.org <mailto:serg@mariadb.org> > wrote: Hi, Lukas! On Mar 19, Lukas Javorsky wrote:
The main functions that are important for us is the password hashing, certificate fingerprinting in mariadb-connector-c which uses SHA-1 or MD5
Neither password hashing nor certificate fingerprinting, as far as I can see, use MD5. Password hashing, indeed, uses SHA-1. It's still secure, as far as I know, but I understand that you're likely just need a checkbox "no SHA-1 inside". Please, create a feature request at jira.mariadb.org <http://jira.mariadb.org> for that (use type=task, project=MDEV). Certificate fingerprinting in mariadb-connector-c also uses SHA-1. If think it might make sense to allow other digest algorithms too. Please, create a feature request at jira.mariadb.org <http://jira.mariadb.org> (project=CONC). Regards, Sergei VP of MariaDB Server Engineering and security@mariadb.org <mailto:security@mariadb.org> -- S pozdravom/ Best regards Lukáš Javorský Associate Software Engineer, Core service - Databases <https://www.redhat.com> Red Hat Purkyňova 115 (TPB-C) 612 00 Brno - Královo Pole <mailto:ljavorsk@redhat.com> ljavorsk@redhat.com <https://www.redhat.com/>