OpenSSL in FIPS mode - MD5 hash in replay cache
Greg Hudson
ghudson at mit.edu
Wed Dec 23 00:47:12 EST 2015
On 12/22/2015 06:30 PM, Tomas Kuthan wrote:
> Is there a reason not to use a new extension identifier 'SHA1:' as I
> proposed originally?
No, you've convinced me.
> I would have also preferred SHA-256 (+ it was pointed out to me in an
> internal discussion twice), but as you say, it is not currently
> available. New checksum type for SHA-256 would be warmly welcomed.
I will try to figure out what would be necessary to register checksum
type numbers for unkeyed SHA-256, SHA-384, and SHA-512.
More information about the krbdev
mailing list