Ping a Specific Port

Question

mc0e

Asked: 2014-09-20 21:09:31 +0800 CST2014-09-20 21:09:31 +0800 CST 2014-09-20 21:09:31 +0800 CST

Deprecation of RSA-SHA-1 in DKIM keys?

772

I recently noticed that opendkim on my mail server is objecting to DKIM signatures from a client, saying their key is insecure. It may be that that's due to lack of secure DNS (confirmation?) but I also noticed that the signing algorithm is shown as a=rsa-sha1, and with the move to Deprecate SHA-1 in other contexts, I'm wondering how urgent this is for DKIM?

It is now feasible to brute-force SHA-1 hashes. Am I correct in thinking that this would need to be done for each message an attacker wished to forge the signature for, without being able to re-use that work for the next message?

1 Answers

Voted

Paul · Answer 1 · 2021-11-15T09:46:42+08:00

Paul

2021-11-15T09:46:42+08:002021-11-15T09:46:42+08:00

Yes, as of January 2018, SHA-1 is deprecated as per RFC 8301. From the perspective of server administration of DKIM signing keys, the RFC will take precedence because the receiving server will fail the authentication test when signed with SHA-1, and is expected do so regardless of actual computational threat level.

1

Deprecation of RSA-SHA-1 in DKIM keys?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?