max rsa key length, sym. cipher and digest recommendations ?
Guus Sliepen
guus at tinc-vpn.org
Tue Jan 7 16:50:41 CET 2014
On Tue, Jan 07, 2014 at 02:53:56PM +0000, Pedro Côrte-Real wrote:
> > The default values are already pretty good (2048 bits RSA keys, Blowfish-CBC,
> > and SHA1).
>
> Isn't SHA1 considered unsafe now and not recommended for new
> deployments? I know it's still only weakened and not broken but to
> stay on the safe side shouldn't we me migrating away from it?
It's hard to say whether SHA1 is broken or not. It depends on how you use it.
If you use plain SHA1 to generate a checksum for something, then you can
generate another piece of plaintext that when hashed produces the same
checksum, in much less than the 2^80 operations you would expect from a 160 bit
hash function. However, tinc doesn't use plain SHA1, but uses the HMAC scheme
to authenticate packets, which supposedly is not affected by the
lower-than-optimal security of SHA1.
In tinc 1.1, there is a new protocol which uses AES in Galois Counter Mode
instead of using a HMAC.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20140107/b4888536/attachment-0001.sig>
More information about the tinc
mailing list