Linux Looks To Remove SHA1 Support For Signing Kernel Modules

www.phoronix.com

Linux Looks To Remove SHA1 Support For Signing Kernel Modules

www.phoronix.com

cm0002@suppo.fi to

Linux@programming.dev · 13 hours ago

Patches posted to the Linux kernel mailing list this week are seeking to remove SHA1 support for signing of kernel modules. This is part of the larger effort in the industry for moving away from SHA1 given its vulnerabilities to hash collisions and superior hashing algorithms being available.

SUSE engineer Petr Pavlu sent out the patch set this week to remove SHA1 support for module signing within the Linux kernel. He noted on that patch series:

"SHA-1 is considered deprecated and insecure due to vulnerabilities that can lead to hash collisions. Most distributions have already been using SHA-2 for module signing because of this. The default was also changed last year from SHA-1 to SHA-512 in f3b93547b91a (“module: sign with sha512 instead of sha1 by default”). This was not reported to cause any issues. Therefore, it now seems to be a good time to remove SHA-1 support for module signing.

Looking at the configs of several distributions, it seems only Android still uses SHA-1 for module signing."

You must log in or # to comment.

Chat

Linux@programming.dev

linux@programming.dev

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !linux@programming.dev

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

854 users / day
2.4K users / week
4.99K users / month
9.58K users / 6 months
1 local subscriber
10.1K subscribers
1.63K Posts
10.4K Comments
Modlog