(DSA 1024 signatures generally use the SHA1 hash)
One DSA1024 key present even now in MX Linux (key id 630239CC130E1A7FD81A27B140976EAF437D05B5) was the matter of a HIGH Importance issue on Ubuntu, fixed back in 2016
( Ref: https://bugs.launchpad.net/ubuntu/+sour ... ug/1363482 )
Debian SHUT OFF SHA1 on 1 Jan 2017 ( Ref: https://wiki.debian.org/Teams/Apt/Sha1Removal )
So, just intercepting HTTP would be enough for anyone (not just the real private key holders) to deliver fake signed release files in the guise of http://deb.debian.org/debian (or any repo, all of which use HTTP).
1) SHA1 is KNOWN TO BE INSECURE AND IS ALREADY BROKEN AS OF 2017 !!!
https://en.wikipedia.org/wiki/SHA-1
https://security.googleblog.com/2017/02 ... ision.html
https://shattered.io/
2) DSA1024 is VERY unsafe and can be broken anytime now.
MX Linux has many keys in /etc/apt/trusted.gpg and /etc/apt/trusted.gpg.d/*.gpg using these, and these are trusted by apt, even for signing release files on behalf of the official repos.
There are also many historic keys (like that or Warren Woodford from MEPIS, medibuntu), many individuals' keys (like Christian Marillat, Adam Blackburn, Hendrik Rittich), many companies' keys (Oracle Corporation, innotek GmbH, Opera Software) etc., in these places where apt trusts them.
There are 37 keys trusted by apt, most of which use DSA1024 with the ALREADY BROKEN SHA1.
I trust only 11 of these 37 -- the official Debian, MX and antiX keys.
EDIT: Those 2 Ubuntu keys currently used in MX are no longer used by Ubuntu. They are from 2004 and use the insecure DSA-1024 / SHA-1 .
( Ref: https://bugs.launchpad.net/ubuntu/+sour ... ug/1363482 )
The rest 26 are not trusted at all (at least in my case).
This is a CONSIDERABLE security threat, especially as SHA1 is ALREADY BROKEN
Code: Select all
$ sudo apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub dsa1024 2005-10-29 [SC] [expired: 2011-01-22]
1F5C 2E81 5EC2 9445 3B15 233C D3F9 85C5 1A77 B3E9
uid [ expired] Warren Woodford (MEPIS Maintainers) <dev@mepis.org>
pub dsa1024 2004-09-12 [SC]
6302 39CC 130E 1A7F D81A 27B1 4097 6EAF 437D 05B5
uid [ unknown] Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
sub elg2048 2004-09-12 [E]
pub dsa1024 2006-11-23 [SC]
64D1 5ADA FA81 B2C5 619B 3297 2EBC 26B6 0C5A 2783
uid [ unknown] The Medibuntu Team <medibuntu@sos-sts.com>
sub elg2048 2006-11-23 [E]
pub dsa1024 2004-12-30 [SC]
C598 6B4F 1257 FFA8 6632 CBA7 4618 1433 FBB7 5451
uid [ unknown] Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>
pub dsa1024 1999-10-03 [SC]
1D7F C53F 80F8 52C1 88F4 ED0B 07DC 563D 1F41 B907
uid [ unknown] Christian Marillat <marillat@debian.org>
uid [ unknown] Christian Marillat <marillat@free.fr>
sub elg1536 1999-10-03 [E]
sub dsa1024 2002-08-26 [SCA]
pub dsa1024 2007-02-07 [SC]
64C3 6120 DA8D 91E7 378B E79F 3916 C431 F809 94F6
uid [ unknown] Stefan Lippers-Hollmann (sidux.com) <s.l-h@gmx.de>
sub elg4096 2007-02-07 [E]
pub dsa1024 2006-09-26 [SC] [expired: 2009-09-25]
CD5A 9776 9F6E F4D9 EBCD 8F92 0334 3153 6A42 3791
uid [ expired] Opera Software Archive Automatic Signing Key <hostmaster@opera.com>
pub dsa1024 2007-06-04 [SC]
6947 BD50 026A E8C8 9AC4 09FD 390E C3FF 927C CC73
uid [ unknown] innotek GmbH (archive signing key) <info@innotek.de>
sub elg2048 2007-06-04 [E]
pub dsa1024 2008-09-13 [SCA]
B80B CDE3 19EE 84E0 A353 E7CF FEC8 20F4 B8C0 755A
uid [ unknown] Adam Blackburn <compwiz18@gmail.com>
sub elg2048 2008-09-13 [E]
pub dsa1024 2008-07-14 [SC]
AF45 1228 01DA D613 29EF 9570 DCF9 F87B 6DFB CBAE
uid [ unknown] Sun Microsystems, Inc. (xVM VirtualBox archive signing key) <info@virtualbox.org>
sub elg2048 2008-07-14 [E]
pub dsa1024 2008-09-14 [SC] [expired: 2010-09-14]
A949 B28F 7A96 8063 6CA3 36DE 81D4 980F A170 4726
uid [ expired] Hendrik Rittich <hendrik.rittich@gmx.de>
pub dsa1024 2009-05-11 [SC]
70C4 F178 C4AC 36D2 9A3B 52F0 3EFF 4F27 2FB2 CD80
uid [ unknown] Steven Barrett <damentz@gmail.com>
sub elg2048 2009-05-11 [E]
pub dsa1024 2010-05-18 [SC]
7B0F AB3A 13B9 0743 5925 D9C9 5442 2A4B 98AB 5139
uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
sub elg2048 2010-05-18 [E]
pub dsa1024 2009-08-31 [SC] [expired: 2011-01-23]
8526 E45F AF83 DE2F 634C 1909 F9A2 F76A 9D1A 0061
uid [ expired] Opera Software Archive Automatic Signing Key 2010 <packager@opera.com>
pub dsa1024 2011-01-22 [SC]
565F 67CD 02BA 29CF 4F5D 5405 E6AD 81A8 B9FB E3CE
uid [ unknown] Warren Woodford (MEPIS Maintainers) <dev@mepis.org>
sub elg1024 2011-01-22 [E]
pub dsa1024 2010-11-08 [SCA]
EA29 BBBE 6A41 95E6 EF3C E709 A40E 385D 15B0 B570
uid [ unknown] aurelien (Be Free!) <ice.cube@gmx.com>
sub elg2048 2010-11-08 [E]
pub dsa1024 2010-12-08 [SC] [expired: 2012-12-07]
DB3D FC6C 82D3 D79B 4590 F276 0393 B863 8C00 FC18
uid [ expired] Hendrik Rittich <hendrik.rittich@gmx.de>
pub rsa2048 2010-03-31 [SC]
5929 601B 7779 956E 0117 749A 515F 1784 FFF0 6A93
uid [ unknown] Dedinčanov archív balíkov (Debian APT repositary) <dedincan@slavino.sk>
pub rsa1024 2012-03-11 [SC] [expired: 2013-03-11]
255F 0237 51CF AA0F 3B78 F548 F4EA 6AF9 3465 FC9B
uid [ expired] David deJong (Dave) <david@daveserver.info>
pub rsa2048 2012-04-14 [SC]
48A9 B686 96FF FD91 ED9C 5AD8 8982 541D FD08 FE04
uid [ unknown] antiX (this is for the antix repo) <antix@daveserver.info>
sub rsa2048 2012-04-14 [E]
pub dsa1024 2011-11-08 [SC] [expired: 2013-01-11]
5C68 6B8F D30F A0E6 AB7E 6DAE AAFF 4A5B 3360 64B5
uid [ expired] Opera Software Archive Automatic Signing Key 2012 <packager@opera.com>
pub dsa1024 2009-12-11 [SCA]
3289 E2A9 7822 F308 E660 30F0 7DCA C92F 09F8 ECEF
uid [ unknown] aurele (Free your Gnu !) <ice.cube@gmx.com>
sub elg2048 2009-12-11 [E]
pub dsa2048 2013-05-25 [SC]
D95E 9BC9 3D63 42FA 4843 805E 0CA3 2171 3B07 EE13
uid [ unknown] MEPIS Community Repository (CR Signing key) <repo@teharris.net>
sub elg2048 2013-05-25 [E]
pub dsa1024 2010-09-20 [SC] [expired: 2015-02-06]
2920 868D C0F8 016A A35A A0F8 E429 CCF8 6CE3 3D20
uid [ expired] home:gottcode OBS Project <home:gottcode@build.opensuse.org>
pub dsa2048 2014-01-21 [SCA] [expired: 2019-01-20]
C8CF 3513 60C3 7394 5178 8AE5 81E7 7EAF 14E2 25A0
uid [ expired] MX Community Repository <repo@teharris.net>
/etc/apt/trusted.gpg.d/antix-archive-keyring.gpg
------------------------------------------------
pub rsa2048 2013-03-13 [SC] [expires: 2024-04-25]
ED57 48AC 0E57 5DD2 49A5 6B84 DB36 CDF3 452F 0C20
uid [ unknown] antiX Linux repo <repo@antixlinux.com>
sub rsa2048 2013-03-13 [E] [expires: 2024-04-25]
/etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg
------------------------------------------------------------
pub rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
1F89 983E 0081 FDE0 18F3 CC96 73A4 F27B 8DD4 7936
uid [ unknown] Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
sub rsa4096 2021-01-17 [S] [expires: 2029-01-15]
/etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg
---------------------------------------------------------------------
pub rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
AC53 0D52 0F2F 3269 F5E9 8313 A484 4904 4AAD 5C5D
uid [ unknown] Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
sub rsa4096 2021-01-17 [S] [expires: 2029-01-15]
/etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg
---------------------------------------------------------
pub rsa4096 2021-02-13 [SC] [expires: 2029-02-11]
A428 5295 FC7B 1A81 6000 62A9 605C 66F0 0D6C 9793
uid [ unknown] Debian Stable Release Key (11/bullseye) <debian-release@lists.debian.org>
/etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
----------------------------------------------------------
pub rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
80D1 5823 B7FD 1561 F9F7 BCDD DC30 D7C2 3CBB ABEE
uid [ unknown] Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub rsa4096 2019-04-14 [S] [expires: 2027-04-12]
/etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
-------------------------------------------------------------------
pub rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
5E61 B217 265D A980 7A23 C5FF 4DFA B270 CAA9 6DFA
uid [ unknown] Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub rsa4096 2019-04-14 [S] [expires: 2027-04-12]
/etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
-------------------------------------------------------
pub rsa4096 2019-02-05 [SC] [expires: 2027-02-03]
6D33 866E DD8F FA41 C014 3AED DCC9 EFBF 77E1 1517
uid [ unknown] Debian Stable Release Key (10/buster) <debian-release@lists.debian.org>
/etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
-----------------------------------------------------------
pub rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
E1CF 20DD FFE4 B89E 8026 58F1 E0B1 1894 F66A EC98
uid [ unknown] Debian Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
sub rsa4096 2017-05-22 [S] [expires: 2025-05-20]
/etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
--------------------------------------------------------------------
pub rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
6ED6 F5CB 5FA6 FB2F 460A E88E EDA0 D238 8AE2 2BA9
uid [ unknown] Debian Security Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
sub rsa4096 2017-05-22 [S] [expires: 2025-05-20]
/etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
--------------------------------------------------------
pub rsa4096 2017-05-20 [SC] [expires: 2025-05-18]
067E 3C45 6BAE 240A CEE8 8F6F EF0F 382A 1A7B 6500
uid [ unknown] Debian Stable Release Key (9/stretch) <debian-release@lists.debian.org>
/etc/apt/trusted.gpg.d/mx21-archive-keyring.gpg
-----------------------------------------------
pub rsa2048 2021-02-06 [SC]
7854 EF6B F0E8 CC66 5736 4CF8 F942 E0D4 E1C7 26CD
uid [ unknown] MX-21 Repository <maintainer@mxrepo.com>
sub rsa2048 2021-02-06 [E]
https://en.wikipedia.org/wiki/Digital_S ... generation
NIST SP 800-57 Part 1 Rev. 5 ( https://doi.org/10.6028/NIST.SP.800-57pt1r5 ) says that RSA1024 and DSA1024 have <=80 bits of security (Ref: Table 2 of NIST SP 800-57 Part 1 Rev. 5)NIST 800-57 recommends lengths of [at least] 2048 (or 3072) for keys with security lifetimes extending beyond 2010 (or 2030)
- NIST SP 800-57 Part 1 Rev. 5 Section 5.6.1.1Also, note that algorithm/key-size combinations that have been estimated at a maximum security
strength of less than 112 bits (i.e., at ≤ 80, as shown in orange above) are no longer approved for
applying cryptographic protection on federal government information (e.g., encrypting data or
generating a digital signature).
BTW I think MX 21 should start using RSA4096 , not RSA2048.
Debian has been using RSA4096 from STRETCH (Debian 9) onward.
Even if it is not broken (no, it will be broken soon and SHA1 is ALREADY BROKEN) , it greatly increases attack surface , by trusting 37 keys which can validly sign release files and may deliver it in the guise of the official repo by intercepting the insecure HTTP over which the repos work.
This discussion is forked off from my post on the MX 21 Beta 2 thread.
BTW I got an old discussion on this (after a lot of searching) at viewtopic.php?f=104&t=64322SwampRabbit wrote: ↑Fri Sep 24, 2021 4:01 pm @TimothySimon First why in the world are we pointing to NIST RMF stuff in this Beta thread. I’m not knocking any NIST SP (I mean someone was part of writing quite a few of them), but any standard or framework should not be blindly blanketed on anything just because.
It’s not like we have known compromised keys … like ummm… any Buntu based Distro, Manjaro, and a few others did (might still) awhile ago.
But I’m not worried and I’ll leave that for what it’s worth.
This discussion and any other should be moved out of this Beta thread and into something else like Chat.
and I'm really getting worried.
EDIT: What I'm saying is that DSA1024 and SHA1 is INSECURE, and SHA1 is already proven to be broken. The old discussion had a lot of FUD, and it did not point out the insecurity of DSA1024 and that SHA1 was already broken in 2017.
Some more links to read:
https://github.com/jitsi/jitsi/issues/203
https://www.reddit.com/r/linux/comments ... _key_from/
Moderator: removed sizing, please don't shout