Crypto tangle

Kurt Roeckx kurt at roeckx.be
Fri Jan 27 19:47:46 UTC 2017


On Fri, Jan 27, 2017 at 08:38:06PM +0100, Achim Gratz wrote:
> Eric S. Raymond writes:
> > It depends on which MAC algorithms we want to support, a question I've opened
> > in a recent email.  It looks like libsodium's support for hash functions in
> > our set is limited to SHA-2, so libsodium can't replace OpenSSL.
> 
> SHA1 will go out of OpenSSL sooner than you might wish and I guess it
> wasn't a simple oversight that it isn't in libsodium.  SHA1 is
> considered broken for cryptography (not quite as badly as MD5) and the
> crypto folks will weed it out to prevent people from still using it.

I think it's unlikely that SHA1 will be removed from OpenSSL soon.
We still have things like MD2 in it, but very recently decided it
was time to disable it by default. I think that as there still are
clearly users for it, it won't go away by default.

But you should move away from it as soon as you can.


Kurt


