Use of MD5 and SHA-1 as cryptographic hashing algorithms for message encryption can result in the same hash for different messages. Attackers may exploit the "collision" of same hashes, weakening the integrity of the encryption.

As a security measure against vulnerable raw hashes, Ribbon now uses digital signature based SHA-256 algorithm to verify the origin and integrity of signed software and data files. The most common usage of the SHA-256 algorithm for the SBC are as follows:

  • Generation of files with the extensions such as .iso, .ova, and .qcow2
  • Compressed files, such as cloudTemplates.tar.gz and createConfigDrive.tar.gz
  • Installation and upgrade packages


Note

For SBC Core 9.0, MD5 is used in the following scenarios:

  • Encrypted Store
  • SNMP (sonusSnmpAuthProtocolType)
  • NTP (sonusNtpKeyType)
  • BMC/BIOS