maria-discuss team mailing list archive

Thread
Date

Re: Is it possible to upgrade SHA-1 and MD5 algorithms in Mariadb-10.5?

To: Lukas Javorsky <ljavorsk@xxxxxxxxxx>
From: Sergei Golubchik <serg@xxxxxxxxxxx>
Date: Fri, 19 Mar 2021 14:11:53 +0100
Cc: maria-discuss@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CAK719L0HQ2O3QBpZo69g8QEuXE4Ns+kYstidTrcfwYA=t1P1fA@mail.gmail.com>

Hi, Lukas!

On Mar 19, Lukas Javorsky wrote:
> 
> The main functions that are important for us is the password hashing,
> certificate fingerprinting in mariadb-connector-c which uses SHA-1 or
> MD5

Neither password hashing nor certificate fingerprinting, as far as I can
see, use MD5.

Password hashing, indeed, uses SHA-1. It's still secure, as far as I
know, but I understand that you're likely just need a checkbox "no
SHA-1 inside". Please, create a feature request at jira.mariadb.org for
that (use type=task, project=MDEV).

Certificate fingerprinting in mariadb-connector-c also uses SHA-1.
If think it might make sense to allow other digest algorithms too.
Please, create a feature request at jira.mariadb.org (project=CONC).

Regards,
Sergei
VP of MariaDB Server Engineering
and security@xxxxxxxxxxx

Follow ups

Re: Is it possible to upgrade SHA-1 and MD5 algorithms in Mariadb-10.5?
From: Lukas Javorsky, 2021-03-22

References

Is it possible to upgrade SHA-1 and MD5 algorithms in Mariadb-10.5?
From: Lukas Javorsky, 2021-03-17
Re: Is it possible to upgrade SHA-1 and MD5 algorithms in Mariadb-10.5?
From: Sergei Golubchik, 2021-03-17
Re: Is it possible to upgrade SHA-1 and MD5 algorithms in Mariadb-10.5?
From: Eliezer Croitoru, 2021-03-18
Re: Is it possible to upgrade SHA-1 and MD5 algorithms in Mariadb-10.5?
From: Daniel Black, 2021-03-19
Re: Is it possible to upgrade SHA-1 and MD5 algorithms in Mariadb-10.5?
From: Lukas Javorsky, 2021-03-19