Hal Murray <hmur...@megapathdsl.net>:
>
> Eric said:
> > What could we say, other than: "Both MD5 and SHA-1 have been compromised.
> > Don't trust either of the alternatives we actually support." :-)
>
> We support anything OpenSSL supports. It's just that ntpkeygen and all the
> documentation hides it.
>
> >From man dgst on Fedora:
> openssl-dgst, dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384,
> sha512, md4, md5, blake2b, blake2s - message digests
>
> One of those must be good enough.
>
> -----------
>
> https://csrc.nist.gov/Projects/Hash-Functions
>
> Looks like the shannn are blessed by FIPS 180-4
> I'll update the doc to mention them.
Better check to make sure the support is in place first. I think I remember
floating a patch for that only to have Daniel thumbs-down it and say he
was going to do do that.
--
<a href="http://www.catb.org/~esr/";>Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
