Makefile: discuss SHAttered in *_SHA{1,256} discussion
Let's mention the SHAttered attack and more generally why we use the sha1collisiondetection backend by default, and note that for SHA-256 the user should feel free to pick any of the supported backends as far as hashing security is concerned. Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com> Signed-off-by: Taylor Blau <me@ttaylorr.com>
This commit is contained in:
parent
fb8d7add06
commit
d00fa5528b
16
Makefile
16
Makefile
@ -481,6 +481,17 @@ include shared.mak
|
||||
#
|
||||
# === SHA-1 backend ===
|
||||
#
|
||||
# ==== Security ====
|
||||
#
|
||||
# Due to the SHAttered (https://shattered.io) attack vector on SHA-1
|
||||
# it's strongly recommended to use the sha1collisiondetection
|
||||
# counter-cryptanalysis library for SHA-1 hashing.
|
||||
#
|
||||
# If you know that you can trust the repository contents, or where
|
||||
# potential SHA-1 attacks are otherwise mitigated the other backends
|
||||
# listed in "SHA-1 implementations" are faster than
|
||||
# sha1collisiondetection.
|
||||
#
|
||||
# ==== Default SHA-1 backend ====
|
||||
#
|
||||
# If no *_SHA1 backend is picked, the first supported one listed in
|
||||
@ -525,6 +536,11 @@ include shared.mak
|
||||
#
|
||||
# === SHA-256 backend ===
|
||||
#
|
||||
# ==== Security ====
|
||||
#
|
||||
# Unlike SHA-1 the SHA-256 algorithm does not suffer from any known
|
||||
# vulnerabilities, so any implementation will do.
|
||||
#
|
||||
# ==== SHA-256 implementations ====
|
||||
#
|
||||
# Define OPENSSL_SHA256 to use the SHA-256 routines in OpenSSL.
|
||||
|
Loading…
Reference in New Issue
Block a user