Why not default to sha512 while still supporting sha1
On Wed, May 15, 2013 at 10:20 AM, Ard Biesheuvel ard.biesheuvel@linaro.orgwrote:
On 15 May 2013 07:03, Jonathan Aquilina eagles051387@gmail.com wrote:
Not trying to hijack this thread, but I studied in my security class that SHA1 is being attacked so to speak in terms of crypto analysis and it was suggested in the book that it not be used but something like SHA512 be
used
instead.
Hello Jonathan,
Your professor is correct: SHA1 is not recommended for new development. However, as it is very widely used, we will still need to support it for a very long time.
-- Ard.
Just to give you all a heads up :)
On Tue, May 14, 2013 at 6:49 PM, Jon Medhurst (Tixy) tixy@linaro.org wrote:
On Tue, 2013-05-14 at 14:16 +0200, Ard Biesheuvel wrote:
These assembler implementations of SHA1 and AES have been in the upstream source tree since September 2012 but need to be selected explicitly in order to be enabled.
Signed-off-by: Ard Biesheuvel ard.biesheuvel@linaro.org
linaro/configs/linaro-base.conf | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/linaro/configs/linaro-base.conf b/linaro/configs/linaro-base.conf index 5c748a7..ba7b97b 100644 --- a/linaro/configs/linaro-base.conf +++ b/linaro/configs/linaro-base.conf @@ -86,3 +86,5 @@ CONFIG_HW_PERF_EVENTS=y CONFIG_FUNCTION_TRACER=y CONFIG_ENABLE_DEFAULT_TRACERS=y CONFIG_PROC_DEVICETREE=y +CONFIG_CRYPTO_AES_ARM=y +CONFIG_CRYPTO_SHA1_ARM=y
This also enables CONFIG_CRYPTO_SHA1 which we didn't already have enabled in our builds, so I assume nothing actually needs this option. If that's true, then it doesn't seem worth enabling an optimised version of code which isn't going to be used. ;-)
-- Tixy
linaro-dev mailing list linaro-dev@lists.linaro.org http://lists.linaro.org/mailman/listinfo/linaro-dev
-- Jonathan Aquilina