SHA1 vs crypto doc

Hal Murray hmurray at
Fri Jan 5 18:30:06 UTC 2018

Eric said:
> What could we say, other than: "Both MD5 and SHA-1 have been compromised.
> Don't trust either of the alternatives we actually support." :-) 

We support anything OpenSSL supports.  It's just that ntpkeygen and all the 
documentation hides it.

>From man dgst on Fedora:
       openssl-dgst, dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384,
       sha512, md4, md5, blake2b, blake2s - message digests

One of those must be good enough.


Looks like the shannn are blessed by FIPS 180-4
I'll update the doc to mention them.

These are my opinions.  I hate spam.

More information about the devel mailing list