2014-03-06 21:00 GMT+01:00 Iain Morgan <imorgan@xxxxxxxxxxxx>:
> On Thu, Mar 06, 2014 at 19:39:33 +0000, Scott Neugroschl wrote:
>> Quoth Iain:
>> >I'm not sure if the work being done to allow OpenSSH to be built without OpenSSL includes SHA-1 support.
>>
>> Hi Iain. I haven't heard of this effort before. Can you give a few more details?
>>
>> Thanks,
>>
>> ScottN
>>
>
> Well, I'm not in a position to give any authoritative information, but
> here is what I know: With the addition of curve25519, ed25519, and
> chacha20+poly1305, the developers have commented about the possibility
> of building an RFC non-compliant OpenSSH without OpenSSL.
>
> If you search through the mailing list archive, I believe you should see
> some references to this. There are also comments in the CVS commits
> regarding this. And, I believe Damien mentioned this in his
> interview on bsdnow.tv.
>
> In one of the CVS commits, I noticed that there is support for falling
> back on libc for digest support when building without OpenSSL, but I
> don't recall if this is both MD5 and SHA1 or not.
>
> --
> Iain Morgan

Hi Iain,

sha1 and md5 are not used in nacl.
You need only sha256 or sha512, eg:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/hash.c?rev=1.3;content-type=text%2Fplain

Best regards,
Daniel

> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev