Use of MD5 and SHA-1 as cryptographic hashing algorithms for message encryption can result in the same hash for different messages. Attackers may exploit the "collision" of same hashes, weakening the integrity of the encryption.
As a security measure against vulnerable raw hashes, Ribbon uses digital signature based SHA-256 algorithm to verify the origin and integrity of signed software and data files. The most common usage of the SHA-256 algorithm for the SBC are as follows:
- Generation of files with the extensions such as
.iso,.ova, and.qcow2 - Compressed files, such as
cloudTemplates.tar.gzandcreateConfigDrive.tar.gz - Installation and upgrade packages
Note
For SBC Core 9.0, MD5 is used in the following scenarios:
- Encrypted Store
- SNMP (
sonusSnmpAuthProtocolType) - NTP (
sonusNtpKeyType) - BMC/BIOS
Overview
Content Tools