Linux 6.7 Reducing The Roles For Some Insecure/Obsolete Crypto Algorithms

Written by Michael Larabel in Linux Kernel on 4 November 2023 at 06:18 AM EDT. 2 Comments
LINUX KERNEL
The crypto subsystem updates for the Linux 6.7 kernel includes the usual churn like various crypto acceleration updates for different SoCs and other routine changes plus is also limiting the role of some insecure and/or obsolete crypto hashing algorithms.

With the Linux 6.7 kernel, the role of SHA1 has been reduced. The crypto PKCS7 code has removed SHA1 support that means no more signing of kernel modules using SHA1 or importing SHA1 signed X.509 certificates. SHA1 remains in the kernel for use by drivers for different purposes but when it comes to signing modules or importing X.509 certificates, it's no more. SHA256 or better algorithms are available for signing kernel modules.

The Linux 6.7 crypto update also removes MD4 and MD5 hashing and signatures in X.509 certificates and signatures. MD4 and MD5 are deemed insecure or broken and already for years users should have been using an alternative hashing implementations. This was also likely the last user of the MD4 crypto code in the kernel.

Linux 6.7 also drops SHA-224 authenticode support in the mscode_parser since it has similar costs to SHA-256 and Windows Authentication infrastructure for Secure Boot keys never supported SHA-224. All Secure Boot keys for Linux have also always been using at least SHA-256.

Those are the main highlights of the crypto updates for the Linux 6.7 kernel merge window.
2 Comments
Related News
Linus Torvalds Comments On The Russian Linux Maintainers Being Delisted
Significant CRC32C Throughput Optimization On The Way To The Linux Kernel
Several Linux Kernel Driver Maintainers Removed Due To Their Association To Russia
Linus Torvalds Growing Frustrated By Buggy Hardware & Theoretical CPU Attacks
Linux 6.12-rc4 Released With MSI Claw A1M Controller Support, Intel & AMD Fixes
Lightweight Guard Pages For Linux Showing 5x Speed-Up For Memory Mapping Invocations
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Concerns Raised Over Bitwarden Moving Further Away From Open-Source
Linus Torvalds Comments On The Russian Linux Maintainers Being Delisted
Linus Torvalds Growing Frustrated By Buggy Hardware & Theoretical CPU Attacks
Several Linux Kernel Driver Maintainers Removed Due To Their Association To Russia
"100% Free" GNU Boot Discovers Again They Have Been Shipping Non-Free Code
AMD Linux Graphics Driver To Switch To More Aggressive Power Heuristics By Default
Ubuntu Considers Replacing initramfs-tools With Dracut
ReiserFS File-System Expected To Be Removed With Linux 6.13