>> Looks like the shannn are blessed by FIPS 180-4
>> I'll update the doc to mention them.
> Better check to make sure the support is in place first. I think I remember
> floating a patch for that only to have Daniel thumbs-down it and say he
> was going to do do that.
That turned into an intere
Hal Murray :
>
> Eric said:
> > What could we say, other than: "Both MD5 and SHA-1 have been compromised.
> > Don't trust either of the alternatives we actually support." :-)
>
> We support anything OpenSSL supports. It's just that ntpkeygen and all the
> documentation hides it.
>
> >From man
Hal Murray via devel writes:
> Eric said:
>> What could we say, other than: "Both MD5 and SHA-1 have been compromised.
>> Don't trust either of the alternatives we actually support." :-)
>
> We support anything OpenSSL supports. It's just that ntpkeygen and all the
> documentation hides it.
>
>
Eric said:
> What could we say, other than: "Both MD5 and SHA-1 have been compromised.
> Don't trust either of the alternatives we actually support." :-)
We support anything OpenSSL supports. It's just that ntpkeygen and all the
documentation hides it.
>From man dgst on Fedora:
openssl
Hal Murray :
> > No, SHA1 is no longer considered safe. The first collision was generated
> > early last year. The git team is considering a move to SHA-2 (I think - I
> > might be out of date on this.)
>
> Should we fix the documentation for the upcoming release?
What could we say, other than:
> No, SHA1 is no longer considered safe. The first collision was generated
> early last year. The git team is considering a move to SHA-2 (I think - I
> might be out of date on this.)
Should we fix the documentation for the upcoming release?
And update ntpkeygen.
There are comments in the doc
