Update SHA1 to SHA256 or SHA512Answered

Hey, I just had a look at the wyUpdater Client and I've seen, that hashes and signatures are SHA1 baseed. Is there a way to upgrade to SHA256 or SHA512?

As SHA1 is considered as insecure and can cause collisions, especially in such a big domain as patching files. It's easy to craft updates, with still a vaild signature by adding padding to the wyu file!

Is there any upgrade to a secure hashing algorithm possible?

Would it also be possible to upgrade the RSA signing keys from 2048 to 4096?

Answer

Yes, the next version updates all security standards to the latest and greatest.

Is there already an ETA for the update? What's also planned for this version to have “all security standards to the latest and greatest”?

Thank you for your input

Is there already an ETA for the update?

No. ASAP.

What's also planned for this version to have “all security standards to the latest and greatest”?

TLS 1.3 out of the box, among other things. There will be a full blog post covering the big things, and release notes covering the nitty-gritty details.

Hi there, I can't tell from the forum what year this answer was from. What's the current state of this?

2022.

What's the current state of this?

Coming soon. ASAP.

Hi.  Am very interested to know if there's an ETA for this update?  We will likely have to abandon this tool if we do not have a path forward for updating security standards to those known to not be vulnerable.  But we like the tool and would very much prefer to keep using it. Clarity on the timeline would be much appreciated.

No hard date. ASAP.

We've long since stopped using wyUpdate due to this issue. Any updates?

Reply
Discard post