Clock’s ticking for MD5-signed JAR files, says Oracle

The long march to obsolescence for the MD5 encryption algorithm might have been delayed a bit, but it’s still inevitable.

Oracle recently announced that any JAR (Java archive) files signed with the MD5 algorithm would instead be treated as unsigned, insecure and therefore blocked by Java as of this week’s massive security update, which included 270 fixes.

But with the update’s release came news of a delay on the ditching of MD5, because it seems some companies still need time to comply with this change — so Oracle has given a new deadline of April 18 2017.

For a long time, MD5 was the go-to hashing algorithm for JAR files, with the hash serving as a fixed-length digital fingerprint for the whole file.

After that date in April, however, developers will need to adopt a new method to sign their work, otherwise, Java will reject their applications altogether.

By running a value (like a URL) or a file through the MD5 algorithm, the function will return a unique 16-byte string, usually represented as a 32-digit hexadecimal number. You might have seen a note with a file’s MD5 hash when downloading executables, often included so you can make your own integrity comparison.

If you run your locally downloaded file through the MD5 checksum and get the same value as provided by the file’s originator, theoretically the two files should be exactly the same.

Unfortunately for MD5, during the mid 1990s, security researchers began uncovering the algorithm’s many exploitable flaws, including vulnerability to brute-force attacks. Of course, standards take some time to change, so MD5’s fall from grace came as a very slow decline. By 2008, CERT and the US Department of Homeland Security declared in no uncertain terms that MD5 “should avoid using the MD5 algorithm in any capacity…it should be considered cryptographically broken and unsuitable for further use”.

With its flaws increasingly apparent, MD5’s use has continued to drop, and organizations have been looking for alternative hashes to replace it. One of MD5’s initial successors was the SHA-1 algorithm, but it too has fallen out of favor in the past few years due to its own many security vulnerabilities. SHA-1 has proven so vulnerable that a number of organizations have dropped or will soon be dropping support for SHA-1 encrypted SSL certificates, including Google, Microsoft, Mozilla, and Apple.

The generally agreed-upon successor for MD5 and SHA-1 is the SHA-2 family of cryptographic hashes, which includes both SHA-512 and SHA-256 algorithms. The SHA-2 family of hashes is considered safer than its predecessors, and major industry leaders and standard-bearers are leading the charge in getting developers and organizations to leave SHA-1 behind. (And yes, there is also SHA-3, approved in 2012 after an extensive public competition and peer-review process.)

Given we’ve known about MD5’s flaws for a while now, Oracle’s delay in dropping support for the hash seems strange. Let’s hope there aren’t too many developers still scrambling for an alternative, though it appears we’ll find out for sure in April 2017.