On 2014-11-20 18:21, Viktor Dukhovni wrote:
> On Thu, Nov 20, 2014 at 10:42:20AM +0100, Patrik B?t wrote:
>
>>> Ah thanks for the heads up, posttls-finger returned sha1, probably
>>> because it runs OpenSSL 1.0.x.
>> "The best practice algorithm is now sha1", maybe that's why it is default
>> in posttls-finger, or what do you say Viktor? :)
> That was written when MD5 was still in wide use.  At this point
> even SHA-1 is no longer best practice.  Instead, in many cases
> SHA2-256 is now preferred.  There are still many cases for which
> SHA-1 is quite sufficient, but you have to understand the
> context to determine whether this applies.
>
> It seems that as a community, for better or worse, we tend to
> abandon crypto algorithms for all use-cases as soon as any use-case
> is broken.  Therefore, SHA-1 is also now deprecated, even though
> e.g. SHA1-HMAC is still quite safe, and uses that only depend on
> 2nd-preimage resistance are also IIRC safe at this time.
>
> However, Postfix maintains a backwards-compatible default of md5.
> Perhaps now that we have a compatibility level, we could at least
> move to sha1 (moving to SHA2-256 would break with very old, but
> still supported by Postfix, OpenSSL releases).
>
Thanks for the info, Viktor. I will move to sha256, and those with a
very old OpenSSL will need to upgrade. By the way, do you know from what
version SHA2-256 is supported by OpenSSL? Or maybe my Google skillz can
help me with that. Thanks again, Viktor!
