On Thu, Nov 20, 2014 at 10:42:20AM +0100, Patrik B?t wrote:
> > Ah thanks for the heads up, posttls-finger returned sha1, probably
> > because it runs OpenSSL 1.0.x.
>
> "The best practice algorithm is now sha1", maybe that's why it is default
> in posttls-finger, or what do you say Viktor? :)
That was written when MD5 was still in wide use. At this point
even SHA-1 is no longer best practice. Instead, in many cases
SHA2-256 is now preferred. There are still many cases for which
SHA-1 is quite sufficient, but you have to understand the
context to determine whether this applies.

It seems that as a community, for better or worse, we tend to
abandon crypto algorithms for all use-cases as soon as any use-case
is broken. Therefore, SHA-1 is also now deprecated, even though
e.g. SHA1-HMAC is still quite safe, and uses that only depend on
2nd-preimage resistance are also IIRC safe at this time.

However, Postfix maintains a backwards-compatible default of md5.
Perhaps now that we have a compatibility level, we could at least
move to sha1 (moving to SHA2-256 would break with very old, but
still supported by Postfix OpenSSL releases).
--
Viktor.