Re: [chrony-dev] Support for another crypto hash?

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]

To: chrony-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [chrony-dev] Support for another crypto hash?
From: Ed W <lists@xxxxxxxxxxxxxx>
Date: Tue, 18 Oct 2011 18:54:34 +0100

> Another way would be to use a crypto library like nss (we can't use
> openssl as it's not compatible with GPL) and allow user to select any
> hash supported by the library. 

These things seem to get re-implemented a lot.  If it's not performance
critical then note that you can also access kernel encryption from
userspace from 2.6.38+

Example implementation here:
    http://carnivore.it/2011/04/23/openssl_-_af_alg


As for which hash to choose, if you need security then only sha2 hashes
seem to be in the running right now, with a possibility of using
RIPEMD.  I'm not sure that sha-256 is provably more secure than sha-512
at present, so my vote would be on the shorter hash?  Google can give
you as good an opinion as I can on this though...

Cheers

Ed W

---
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

References:
- [chrony-dev] Support for another crypto hash?
  - From: Miroslav Lichvar

Messages sorted by: [ date | thread ]
Prev by Date: Re: [chrony-dev] Support for another crypto hash?
Next by Date: Re: [chrony-dev] Support for another crypto hash?
Previous by thread: Re: [chrony-dev] Support for another crypto hash?
Next by thread: [no subject]

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/