SHA1 vs crypto doc

Eric S. Raymond esr at
Fri Jan 5 21:26:17 UTC 2018

Hal Murray <hmurray at>:
> Eric said:
> > What could we say, other than: "Both MD5 and SHA-1 have been compromised.
> > Don't trust either of the alternatives we actually support." :-) 
> We support anything OpenSSL supports.  It's just that ntpkeygen and all the 
> documentation hides it.
> >From man dgst on Fedora:
>        openssl-dgst, dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384,
>        sha512, md4, md5, blake2b, blake2s - message digests
> One of those must be good enough.
> -----------
> Looks like the shannn are blessed by FIPS 180-4
> I'll update the doc to mention them.

Better check to make sure the support is in place first.  I think I remember
floating a patch for that only to have Daniel thumbs-down it and say he
was going to do do that.
		<a href="">Eric S. Raymond</a>

My work is funded by the Internet Civil Engineering Institute:
Please visit their site and donate: the civilization you save might be your own.

More information about the devel mailing list