Default digest and signing algorithms are weak and considered no longer secure #450
Comments
|
Practical for a state sponsored adversary, and the ability to create an XML document which will have the same signature with a SAML Response that you want to forge is still a couple of years away, but definitely LGTM. Would you care to send us a PR with the default algorithms replaced ? |
|
The file has a comment saying Is there a process I should use to generate a new file, or should I simply edit the existing file in-place? |
6 tasks
|
See #597 |
|
Move this issue here: thank you, it's still in progress ... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
SHA1 is broken, both in theory and in practice. Earlier this year, a team of researchers demonstrated a practical collision attack, producing two different files that hash to the same value: https://shattered.io/
On the current
masterbranch:https://github.com/rohe/pysaml2/blob/9cbbd9bd9f6bfa5e9ceace064dd1af4e2ff2f68c/src/saml2/xmldsig/__init__.py#L23
To fix this, SHA256 should be the default digest algorithm, and RSA-SHA256 the default signing algorithm.
Additionally, SHA1 is used for HMAC purposes, as HMAC-SHA1: https://github.com/rohe/pysaml2/blob/9cbbd9bd9f6bfa5e9ceace064dd1af4e2ff2f68c/src/saml2/xmldsig/__init__.py#L54
While the HMAC construction isn't obviously broken by the SHA1 developments above, it's probably a good idea to switch this to HMAC-SHA256 since there's no downside to simply using a stronger algorithm.
The text was updated successfully, but these errors were encountered: