SHA1 vs crypto doc

Hal Murray hmurray at megapathdsl.net
Fri Jan 5 18:30:06 UTC 2018


Eric said:
> What could we say, other than: "Both MD5 and SHA-1 have been compromised.
> Don't trust either of the alternatives we actually support." :-) 

We support anything OpenSSL supports.  It's just that ntpkeygen and all the 
documentation hides it.

>From man dgst on Fedora:
       openssl-dgst, dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384,
       sha512, md4, md5, blake2b, blake2s - message digests

One of those must be good enough.

-----------

https://csrc.nist.gov/Projects/Hash-Functions

Looks like the shannn are blessed by FIPS 180-4
I'll update the doc to mention them.



-- 
These are my opinions.  I hate spam.





More information about the devel mailing list