-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday, 03.01.2008 at 13:01 -0500, scott wrote:

> Referencing:
> http://www.cse-cst.gc.ca/services/crypto-services/crypto-algorithms-e.html
>
> It is now 2008 and, per above link, the CSE de-lists certain HASH and
> HMAC standards and algorithms, namely sha-1 is bumped to sha-224 (as a
> minimum) including its downstream incorporations/reliances.
>
> With regard to openBSD's the broad sheet of crypto software -- ssh in
> particular but not just ssh -- in so far as I can see from userland
> (aka a non-developer) the userland user-interface presently limits in
> places to sha-1.
>
> Not saying that oBSD is/isn't/should/shall be CSE compliant but rather
> working from the premise that the CSE document is of merit and any
> such de-listings are noteworthy, will the 2008 openBSD releases 4.3
> and 4.4 include -- i.e. pace -- and make usable at the userland
> user-interface levels (e.g. sshd_config > MACs, et al) the modern
> standards and algorithms.

The above is an interesting issue.

A related issue: is there any simple way to, say, disable use of a
particular algorithm entirely? For example, if a serious compromise is
found in an algorithm, can use of it (through whichever context: ssh,
gpg, hashing, something else) be disabled?

Dave.
- --
Dave Ewart
[EMAIL PROTECTED], jabber:[EMAIL PROTECTED], freenode:davee
All email from me is now digitally signed, http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
iD8DBQFHk2Q4nhBnac0o2pIRApAeAKDJ6xVaFLePpCYdEhAS1LNUeixkRQCgt4yt
E/bW1rD0EcGk1Omg5Yns8QA=
=sbH3
-----END PGP SIGNATURE-----