Message from discussion
Insecure algorithm choices suggested for apk signing
Date: Thu, 4 Oct 2012 11:23:52 -0700 (PDT)
From: Jakob Bohm <jb-goo...@wisemo.com>
To: android-security-discuss@googlegroups.com
Message-Id: <304f74d1-15a1-437e-b84c-eaba6479ef0c@googlegroups.com>

In the official guide at
http://developer.android.com/tools/publishing/app-signing.html it is
strongly recommended that developers use self-signed certificates valid
until the year 2034, but using cryptographic algorithms that are not even
secure for use in the year 2012. Specifically, that page strongly recommends
(almost insists) that signing should be done with a combination of MD5
(completely broken!), SHA-1 (mostly broken, deprecated) and 2048-bit RSA
(the minimum key length for use in 2012, way too weak for 2033).

This raises two obvious questions:

1. Why hasn't that page been updated to reflect the "current" state of the
art?

2. What are the maximum key and algorithm strengths supported by the apk
verification code in different Android versions (for instance, an apk that
is supposed to be compatible with Android 2.1 devices is limited to
whatever strength Android 2.1 can verify, but another apk that has a
minimum system requirement of Android 3.0 anyway is only limited by
whatever Android 3.0 and later can verify)?
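
An added example, not part of the original message: one way to check which digest algorithms an existing apk's JAR-style signature uses, by reading the digest attribute names in META-INF/MANIFEST.MF and the *.SF signature file and flagging the two the message calls out (MD5 and SHA-1). The function names and the sample archive are constructed for illustration; the signature algorithm and RSA key size live in the PKCS#7 block (for example CERT.RSA), which this sketch does not parse.

```python
import io
import re
import zipfile

# Digest names as the message classifies them: MD5 and SHA-1 are the weak ones.
WEAK = {"MD5", "SHA1"}
DIGEST_ATTR = re.compile(
    r"^([A-Za-z0-9-]+?)-Digest(?:-Manifest(?:-Main-Attributes)?)?$")


def digest_algorithms(manifest_text):
    """Return the set of digest algorithms named in MANIFEST.MF or *.SF text."""
    # JAR manifests wrap long lines; a continuation line starts with one space.
    unfolded = re.sub(r"\r?\n ", "", manifest_text)
    found = set()
    for line in unfolded.splitlines():
        name, sep, _value = line.partition(": ")
        match = DIGEST_ATTR.match(name) if sep else None
        if match:
            found.add(match.group(1).upper().replace("-", ""))
    return found


def audit_apk(apk_bytes):
    """Map each META-INF manifest/signature file to its weak digest names."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for entry in apk.namelist():
            upper = entry.upper()
            if upper.startswith("META-INF/") and upper.endswith((".MF", ".SF")):
                text = apk.read(entry).decode("utf-8", errors="replace")
                report[entry] = sorted(digest_algorithms(text) & WEAK)
    return report


def build_sample_apk():
    """Constructed sample: a tiny archive shaped like a JAR-signed apk."""
    manifest = ("Manifest-Version: 1.0\r\n\r\n"
                "Name: res/layout/a_rather_long_resource_file_name_that_wraps_"
                "over_t\r\n he_line_limit.xml\r\n"
                "SHA1-Digest: AAAAAAAAAAAAAAAAAAAAAAAAAAA=\r\n\r\n")
    sig_file = ("Signature-Version: 1.0\r\n"
                "SHA-256-Digest-Manifest: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=\r\n\r\n"
                "Name: classes.dex\r\nMD5-Digest: CCCCCCCCCCCCCCCCCCCCCC==\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("META-INF/MANIFEST.MF", manifest)
        apk.writestr("META-INF/CERT.SF", sig_file)
    return buf.getvalue()
```

Calling `audit_apk(open("app.apk", "rb").read())` on a real file returns a dictionary keyed by META-INF entry name, with an empty list for entries that use only stronger digests.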