can someone tell why Outlook client S/MIME settings use SHA1 as the default Hash Algorithm?
Doesn't that put the certificate private key to a risk when weak algorithm is used? Or am I misunderstanding the signing process?
Thanks, -Harri
Add a comment
|
3 Answers
Doesn't that put the certificate private key to a risk when weak algorithm is used?
No. The private key is not hashed and never published that way – instead the message data is hashed and that hash gets signed with the private key.
But even if the private key were actually hashed and the hash published, the key is still long enough that it remains impossible to guess it from the SHA1 hash.
The main weakness of SHA1 and MD5 is about creating identical hashes from different data – not about recovering the original data from a hash (which, as far as I've read, is still only doable through brute force).
So the risk here is that someone could take your signed message, then create their own specially formatted message that has different text yet still matches the old signature (because the message data hashes to the same value).
why Outlook client S/MIME settings use SHA1 as the default Hash Algorithm?
I'm only guessing, but most likely it's just in case your recipients might still be using clients which do not support validating SHA256-based signatures. It used to default to 3DES encryption for the same reason.
(PGP keys usually indicate what algorithms are supported by the key owner's software, but that's much less common for S/MIME, as the S/MIME certificate is usually issued without knowing what mail client it'll be used with.)
answered Nov 4, 2020 at 11:08
You may set the default hash algorithm in Outlook in:
File > Options > Trust Center > Trust Center Settings > E-Mail Security > Settings > Hash Algorithm.
If it has only SHA1 on the list of available algorithms, this means that the certificate only supports SHA1. Check with your Provider to see if the certificate given to you also supports other hash algorithms (SHA512, SHA384, SHA256).
-
1RSA certificates always support all hash algorithms (and this has nothing to do with the algorithm that was used when the certificate itself was signed – an RSA certificate carrying a SHA1 signature from the CA can still generate SHA256 or SHA384 signatures itself, though all such certificates should have already expired by now). I guess this could happen with ECDSA, since an older S/MIME spec (rfc3278) did require SHA1 to be used, but if that's really the case then the whole Outlook app would have to be upgraded... Commented Nov 5, 2020 at 8:36
You might try setting others as Default Hash Algorithm via group policy.
Reference link:https://getadmx.com/?Category=Symantec-PKI-Client&Policy=Com.Symantec.PKIClient.Policies.PolicySettings::OutlookProfileConfiguration
