Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
rrysiew Absent Member.
Absent Member.
2630 views

Replace MD5 with SHA-2?

Hi,
A vulnerability scanner recommends that on one of my Netware servers (6.5, sp8) that I cease to use MD5 and instead use SHA-2
Not sure what this means.
Is it possible to do this, if so, how?
Thanks,
Rob
Labels (2)
0 Likes
2 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Replace MD5 with SHA-2?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A vulnerability scanner recommends a lot of things, but they are made to
be used by those who have spent their lives researching the issues and
understanding the implications of the recommendations and the business
cases that trump them. For example there is nothing inherently wrong with
md5sum, sha1sum, or any other checksum. Each has varying strengths and
weaknesses. md5sum is getting a bit old and collisions (a bad things for
a checksum) have been found to be created without as much work as one
would like so it is possible to make something bad look like something
good with a bit of work and a decent computer setup (plus time for it to run).

Chances are good that your scanner is telling you that some certificates
it found being served up by NetWare (via Apache or eDirectory (LDAP,
iMonitor) I would guess) are using an md5sum for their checksum. This
same issue came up two weeks ago in this forum with the thread subject,
"Another Vulnerability". Feel free to give that a read for more
information on the actual (non-)issue here. It's possible there is a
problem but if you were in the business where you could be exploited you
would already be intimately familiar with the actual issue in its
entirety. By default eDirectory does create SHA-hashed certificates (at
least every version I can find and test does) so that isn't an issue. If
Apache or Tomcat is using a self-signed certificate then it is not
vulnerable to the issue referred-to anyway since that requires a
third-party CA to be involved.

Good luck.





rrysiew wrote:
> Hi,
> A vulnerability scanner recommends that on one of my Netware servers
> (6.5, sp8) that I cease to use MD5 and instead use SHA-2
> Not sure what this means.
> Is it possible to do this, if so, how?
> Thanks,
> Rob
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJKO5nYAAoJEF+XTK08PnB5GLMQANgDw0KnbPA/UoS99hGPPbyR
oCfjXagUJl8+JA95j3OUuq0vuhC8Nu2NzK86oC+3vxB+LFdxdFpdcyg+ocQA0Y7z
R32G9jbVtr6NfcvxEYwfajGU8gvNlPA3ayuyJKcF0tY58XidE+b0wbm92NUUPAI7
r3v06oGZOUV3/bw4QUtKcYmRn8pkhZBWXJp3S7xzHhTNRIcN9dt9qw0FuzN99zL0
DwAV5MLiK8DAiwMkGciMAMpZ0nK3dolA8OOcsM9GjsQLBvoExIpG1u6qopXlnh5k
2l/kUjV4EWap77pstsaYBIgGamGxWqz6BdkcD1g8+/+zndb18xhnADAeIEuxaIEF
718T6Ajb54gn2TyyGkoXFOpLKNmkmplomae+ChUUOh3m2HtEnDqWXyPlBb7E1FVp
QGYdGeIsoetDk4SJ2z3qSH7SsUfs9b06w6jbWI8FSiMrgF7LNImfDq/4ViyLOFXN
zDy/A5UAxsd2waPXCfxzF6/+KzdLGgBGVmHrG7BCZDU+VX4LwhdRH4Fy3CiSfIDG
yBXvfV31FtUX+8bhjRrcbgvGCHZNUPjJNCfm4V8v00lHlbCswhSWijYboLP+LbI8
0jW6yHBDg2BIkib34uFxsJUr85EGoSN+z4mPxMHKw4s0a2FPotjsLd7gONewkF2G
bu80VXQ79bpjINXHIbgN
=t0x8
-----END PGP SIGNATURE-----
0 Likes
rrysiew Absent Member.
Absent Member.

Re: Replace MD5 with SHA-2?

Thanks for your help
R
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.