Discussion:
[Dailydave] SHA1
Dave Aitel
2017-02-23 14:31:25 UTC
Permalink
So what is it that breaking SHA1 gets you on Windows boxes?

-dave
William Reyor
2017-02-23 15:51:00 UTC
Permalink
I believe this affects mostly certificates and ipsec configurations.
Post by Dave Aitel
So what is it that breaking SHA1 gets you on Windows boxes?
-dave
_______________________________________________
Dailydave mailing list
https://lists.immunityinc.com/mailman/listinfo/dailydave
--
William Reyor
Phone: 860-385-1099



*"L'essentiel est invisible pour les yeux"*
Ryan Kiser
2017-02-23 17:42:41 UTC
Permalink
While I’m probably not qualified to answer this question in a totally comprehensive way, the following technet article is illuminating if you ever find yourself wondering what SHA1 is still valid for in Microsoft land.

https://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-sha1-certificates.aspx <https://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-sha1-certificates.aspx>

Basically, a lot.

-Ryan
Post by Dave Aitel
So what is it that breaking SHA1 gets you on Windows boxes?
-dave
_______________________________________________
Dailydave mailing list
https://lists.immunityinc.com/mailman/listinfo/dailydave
Kristian Erik Hermansen
2017-02-24 21:00:55 UTC
Permalink
I think almost all versions of OpenVPN clients for mobile devices (windows
phone?, Android, iOS) didn't traditionally support anything greater than
sha1 crypto, so all openvpn mobile clients affected? OpenVPN traditionally
also relied on weak CA configs, so it's like time-warping back 5-10 years
in browser land? And how many OpenVPN clients actually validate their
server side end properly? Some things to consider.
Post by Dave Aitel
So what is it that breaking SHA1 gets you on Windows boxes?
-dave
_______________________________________________
Dailydave mailing list
https://lists.immunityinc.com/mailman/listinfo/dailydave
Loading...