Bug #103946 Deprecate SHA-1 and MD5 algorithms from mysql-server
Submitted: 8 Jun 2021 17:52 Modified: 9 Jun 2021 4:43
Reporter: Lukas Javorsky Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Security: Encryption Severity:S4 (Feature request)
Version:8.0 OS:Any
Assigned to: CPU Architecture:Any
Tags: Crypto, server

[8 Jun 2021 17:52] Lukas Javorsky
Description:
This ticket is an RFE to remove usage of SHA1 and MD5 in MySQL components if possible.

The SHA-1 and the MD5 algorithms are weakening over time and they are not considered secure anymore for cryptography use cases.

We are packaging MySQL as part of the RHEL-9 and it is going to be supported for 10 years at least and during that time we need to make sure all components still comply with security standards.
That is why we want to avoid using weak cryptographic algorithms (SHA-1/MD5 in this case).

There are reports about SHA-1 weakness in 2020 out on the internet, and the computing power is only increasing, in a few years it could be broken into in a matter of days.

We realize this might require a substantial amount of work, but would like to know your perspective on this.

AFAIK you use these algorithms in the MySQL server, however, if it affects more components from you, please add an appropriate category to this bug.

How to repeat:
This bug is a feature request, thus doesn't have any reproducer
[8 Jun 2021 17:54] Lukas Javorsky
Forgot to add MD5 algorithm to the Summary of the bug
[9 Jun 2021 4:43] MySQL Verification Team
Hello Lukas,

Thank you for the report and feedback.

regards,
Umesh