Hi,

On Thu, Oct 10, 2024 at 1:57 AM Thorsten Leemhuis <linux@xxxxxxxxxxxxx> wrote:
>
> On 10.10.24 10:42, Sedat Dilek wrote:
> > On Thu, Oct 10, 2024 at 10:29 AM Sedat Dilek <sedat.dilek@xxxxxxxxx> wrote:
> >> On Thu, Oct 10, 2024 at 10:19 AM Thorsten Leemhuis <linux@xxxxxxxxxxxxx> wrote:
> >>> On 10.10.24 09:00, Thorsten Leemhuis wrote:
> >>
> >> That was wrong in the original code which you moved:
> >>
> >> +config MODULE_SIG_SHA384
> >> + bool "SHA-384"
> >> + select CRYPTO_SHA512 <--- SHA*384*
> >
> > Thorsten, please fix it!
>
> That looks intentional to me -- and CRYPTO_SHA384 from a quick look does
> not even exist.

It is intentional. SHA-384 is just truncated SHA-512 with different
initial hash values. The same with SHA-224/256.

> But that's not at all my area of expertise, so I would not want to touch
> it anyway.
>
> Ciao, Thorsten
>
> P.S.: Vegard Nossum mentioned in the fediverse that I could also solve
> the problem the patch is about by adding "default MODULE_SIG_SHA512" to
> the "choice" section; haven't tried that, but that sounds like a better
> solution. Will likely give it a try, unless someone brings up unwanted
> side effects this might cause.

Yes, that would be a much better way to change the default.

Overall, moving away from SHA-1 seems like a good idea and SHA-512
feels like a reasonable choice. Luis, do you see any issues with
changing the default here?

Sami