Certificate hashes don't include SHA256

Originator:creasepattern
Number:rdar://16680083 Date Originated:April 21, 2014
Status:Duplicate Resolved:
Product:OS X Product Version:10.9
Classification:Security Reproducible:Always
 
Lucas Garron21-Apr-2014 03:36 PM

Summary:
Certificates in OX only show SHA1 and MD5 hashes.

- MD5 is dead, especially for certs: http://www.win.tue.nl/hashclash/Nostradamus/ http://www.win.tue.nl/hashclash/rogue-ca/
- SHA1 is on the way out: http://arstechnica.com/security/2013/11/hoping-to-avert-collision-with-disaster-microsoft-retires-sha1/

It would be nice to have SHA256 (I have actually needed it for a specific purpose).
SHA512 wouldn't hurt (or SHA3 once Keccak is finalized.)

Steps to Reproduce:
1. View a certificate in OSX (e.g. in `Keychain Access.app` or Quicklook in Finder).
2. Scroll to "Fingerprints" at the bottom.
3. Observe SHA1 and MD5.

Expected Results:
SHA256? :-D

Actual Results:
No SHA256.

Version:
Mavericks (10.9.2)

Notes:


Configuration:


Attachments:
[Screenshot 2014-04-16 00.20.53.png]

Comments

Marked by Apple Engineering as a duplicate of 15463299 (Open, not on Open Radar) on 2014-04-30.

By creasepattern at Feb. 10, 2015, 4:59 a.m. (reply...)

Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!