SHA1 vs crypto doc

Achim Gratz Stromeko at nexgo.de
Fri Jan 5 19:37:27 UTC 2018


Hal Murray via devel writes:
> Eric said:
>> What could we say, other than: "Both MD5 and SHA-1 have been compromised.
>> Don't trust either of the alternatives we actually support." :-) 
>
> We support anything OpenSSL supports.  It's just that ntpkeygen and all the 
> documentation hides it.
>
> From man dgst on Fedora:
>        openssl-dgst, dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384,
>        sha512, md4, md5, blake2b, blake2s - message digests
>
> One of those must be good enough.

Whatever you use, it's still a fixed key that resides in clear text in
some file that (hopefully) only root can read.  Plus it must be
distributed onto all machines that are expected to trust each other.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf rackAttack:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds



More information about the devel mailing list