Hans Leidekker hans@meelstraat.net writes:
I noticed the arrival of an RSA OAEP implementation in GnuTLS and wanted to use that to support the algorithm in Wine. Windows supports it using the old MD5 and SHA1 hash functions, so my question is: would you accept a patch like below that adds these hashes?
Hi,
I'm fine accepting patches for interop with various legacy systems, if there's a reasonable usecase, but I don't want to add anything with md5 in it merely for completeness. Can you give a bit more details on your usecase? Which windows functions do you want to support or interop with? What will break if you support only the sha2-variants of RSA-OAEP?
Despite md5 and sha1 being generally deprecated, I'm not sure about whether they're considered insecure when used for RSA-OAEP (via wikipedia, I found this old paper that seems to imply that the underlying hash function doesn't need to be that strong: https://eprint.iacr.org/2006/223).
Regards, /Niels