Re: [chrony-dev] Support for another crypto hash?

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]


> Another way would be to use a crypto library like nss (we can't use
> openssl as it's not compatible with GPL) and allow user to select any
> hash supported by the library. 

These things seem to get re-implemented a lot.  If it's not performance
critical then note that you can also access kernel encryption from
userspace from 2.6.38+

Example implementation here:
    http://carnivore.it/2011/04/23/openssl_-_af_alg


As for which hash to choose, if you need security then only sha2 hashes
seem to be in the running right now, with a possibility of using
RIPEMD.  I'm not sure that sha-256 is provably more secure than sha-512
at present, so my vote would be on the shorter hash?  Google can give
you as good an opinion as I can on this though...

Cheers

Ed W

---
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.


Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/