Let's mention the SHAttered attack and more generally why we use the sha1collisiondetection backend by default, and note that for SHA-256 the user should feel free to pick any of the supported backends as far as hashing security is concerned. Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx> --- Makefile | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/Makefile b/Makefile index a0ca6456b85..805e88ed5fd 100644 --- a/Makefile +++ b/Makefile @@ -481,6 +481,16 @@ include shared.mak # # === SHA-1 backend === # +# ==== Security ==== +# +# Due to the SHAttered (https://shattered.io) attack vector on SHA-1 +# it's strongly recommended to use the sha1collisiondetection +# counter-cryptanalysis library for SHA-1 hashing (DC_SHA1). +# +# If you know that you can trust the repository contents, or where +# potential SHA-1 attacks are otherwise mitigated the backends listed +# in "Other SHA-1 implementations" are faster than DC_SHA1. +# # ==== Default SHA-1 backend ==== # # If no *_SHA1 backend is picked we'll fall back on using the default. @@ -525,6 +535,11 @@ include shared.mak # # === SHA-256 backend === # +# ==== Security ==== +# +# Unlike SHA-1 the SHA-256 algorithm does not suffer from any known +# vulnerabilities, so any implementation will do. +# # ==== Default SHA-256 backend ==== # # If no *_SHA256 backend is picked we'll fall fall back on using the -- 2.38.0.1251.g3eefdfb5e7a
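Review bot: In the first hunk (the "==== Security ====" block under "=== SHA-1 backend ==="), the second paragraph ends at "are faster than DC_SHA1" and never states the trade-off the reader is being asked to weigh. Say explicitly that picking one of those backends gives up the collision detection in exchange for speed, so the condition "you can trust the repository contents" reads as a requirement rather than an aside. The sentence also needs a comma after "otherwise mitigated", and "attack vector on SHA-1" would be clearer as "collision attack on SHA-1", since SHAttered is the attack itself. The quoted section title "Other SHA-1 implementations" is not in the visible context, so check that it matches the actual heading.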
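Review bot: In the second hunk (the "==== Security ====" block under "=== SHA-256 backend ==="), "so any implementation will do" claims more than the commit message does. The message limits the statement to "any of the supported backends" and to "hashing security", while the comment reads as if the absence of known weaknesses in the algorithm vouches for every implementation. Suggest "so as far as hashing security is concerned any of the supported backends will do". A comma after "Unlike SHA-1" would help, and the last context line of this hunk has a doubled word ("we'll fall fall back") that could be fixed in the same patch or a follow-up.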