On Fri, Jul 02, 2010 at 06:28:47PM -0400, Jeffrey Hutzelman wrote:
> --On Friday, July 02, 2010 09:55:16 AM +0100 Darren J Moffat
> <[email protected]> wrote:
> >Given that in this case there are no backwards compatibility issues
> >really the only acceptable choices are sha256/384/512 and personally I
> >don't see much need for anything other than sha256.
>
> Actually, you're right... Even SHA-1 may be a bit silly in a new
> protocol like this.

SHA-1 should be considered obsolete for digest purposes. Using it as a
digest is begging for trouble using a mega-megaphone. The writing is
not just on the wall for SHA-1 -- it's _been_ on the wall for a while.
Any use of SHA-1 other than for HMAC, randomized digests, PRNGs, and
KDFs, or non-security-sensitive applications, is to be strongly
discouraged (and the other uses are to be evaluated carefully, except
maybe HMAC since we're quite confident of HMAC-SHA-1's security).

IPS manifest signing is very much a security-sensitive application of
hash functions used as digests. SHA-1 must not be used here.

> >I very strongly recommend against mentioning anything about OpenSSL - it
> >is an implementation detail not part of the interface of pkg(5).
>
> +1

+1

Nico
--
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
