Author Topic: Which hash?  (Read 193 times)

Offline bellgamin

  • Newbie
  • *
  • Posts: 18
  • Kudos +0/-0
Which hash?
« on: February 21, 2020, 12:36:48 PM »
I was told that SAP indexes files on the system by SHA256, but identifies new files by MD5 and digital signature. Is this correct? If so, is MD5 safe enough for this purpose?

Offline hendy

  • SecureAPlus Developer
  • Sr. Member
  • *****
  • Posts: 331
  • Kudos +16/-0
Re: Which hash?
« Reply #1 on: February 21, 2020, 02:23:57 PM »
SAP identify files by the SHA256 hash of their content.

Digital signature is another thing. It is depending on the following settings: https://support.secureaplus.com/how-can-i-manage-my-application-whitelisting-mode-using-digital-signature/
By default the trust by digital signature is enabled. This means if the SHA256 can't be found in its internal whitelist the database, SAP will check the digital signature.

Which hash algorithm is accepted for digital signature? This depends on Microsoft.
What I understand is until now, even in Windows 10, Microsoft still accept the old program that was signed using MD5 hash (https://security.stackexchange.com/questions/20419/code-signing-with-md5-on-windows-8).

Microsoft does this to allow older software, that has been signed using MD5, to be still able to run, because at the time when the software was signed, it was valid, and until now it is still valid.
For newer software, Microsoft does not allow them to use MD5 any more, so you will not be able to find any new software signed by MD5.
https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/md5-signature-hash-deprecation-and-your-infrastructure/ba-p/400237#
Microsoft: For code signing certificates, we will allow signed binaries that were signed before March 2009 to continue to work, even if the signing cert used MD5 signature hash algorithm.

If you want to find out more about digital signature, the following article may help you to understand more: https://www.samlogic.net/articles/code-signing.htm
« Last Edit: February 21, 2020, 02:31:51 PM by hendy »