Bug#950295: gnome-keyring: uses MD5

brian m. carlson sandals at crustytoothpaste.net
Fri Jan 31 03:57:34 GMT 2020 

Package: gnome-keyring
Version: 3.34.0-1
Severity: normal
Tags: security

gnome-keyring makes copious use of MD5.  It hashes attributes with it
and uses it as an integrity check in the encrypted data.  Unfortunately,
MD5 is, according to CMU, “cryptographically broken and unsuitable for
further use.”  It has been known to be insecure since at least 2004.

While it is true that MD5 is not practically vulnerable to preimage
attacks, gnome-keyring cannot make assumptions about the data that it
may be asked to store and therefore cannot rule out collisions as an
attack vector.  Additionally, MD5 is so weak and has been for so long
that its use is a major cryptographic red flag.

gnome-keyring should transition to algorithms which are not broken.
SHA-2, SHA-3, and BLAKE2 are all valid options for secure, robust hash
algorithms, and BLAKE2 is faster than MD5, in the unlikely situation
upstream feels performance is a concern.  Moreover, libgcrypt supports
all of these options.

While the upgrade is taking place, it may be prudent to consider using a
MAC (such as HMAC with a suitably secure algorithm) as an integrity
check instead of an encrypted hash.  This allows the integrity check to
occur before any data is decrypted and is in line with best practices
that encourage using encrypt-then-mac.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.3.0-3-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnome-keyring depends on:
ii  dbus-user-session [default-dbus-session-bus]  1.12.16-2
ii  dbus-x11 [dbus-session-bus]                   1.12.16-2
ii  dconf-gsettings-backend [gsettings-backend]   0.34.0-2
ii  gcr                                           3.34.0-1
ii  libc6                                         2.29-9
ii  libcap-ng0                                    0.7.9-2.1+b1
ii  libcap2-bin                                   1:2.27-1
ii  libgck-1-0                                    3.34.0-1
ii  libgcr-base-3-1                               3.34.0-1
ii  libgcrypt20                                   1.8.5-3
ii  libglib2.0-0                                  2.62.4-1+b1
ii  p11-kit                                       0.23.20-1
ii  pinentry-gnome3                               1.1.0-3+b1

Versions of packages gnome-keyring recommends:
ii  gnome-keyring-pkcs11  3.34.0-1
ii  libpam-gnome-keyring  3.34.0-1

gnome-keyring suggests no packages.

-- no debconf information

-- 
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 868 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20200131/d1d4e9ad/attachment.sig>

More information about the pkg-gnome-maintainers mailing list