[olsr-dev] olsrd secure plugin

Andrew Nott (spam-protected)
Thu Feb 24 08:51:20 CET 2005

If there's going to be some amount of work done on security, it might be 
worth moving away from SHA-1 entirely as it was broken recently. It's 
not an catastrophic break (at this point it'd still take massive 
computing power to actually take advantage of the flaw, and it's only 
relevant in cases where collisions are a problem, digital signatures for 
example, rather than login passwords) but moving to SHA-256 or SHA-512 
seems to be a wise precaution as the attacks are only going to get 
better, and computing power only ever gets cheaper.

Brief summary of the situation by John Callas, PGP's CTO: "It's time to 
walk, but not run, to the fire exits. You don't see smoke, but the fire 
alarms have gone off."

A more detailed analysis by Bruce Schneier, who, unlike me, is actually 
qualified to talk about this stuff, is at 

Andrew Nott

Thomas Lopatic wrote:
>> The secure plugin only uses a SHA-1 hash function from openSSL as far 
>> as I
>> can remember.
> There's a public domain implementation of SHA-1 by Steve Reid (google 
> for his name and "SHA-1". So, I'd like to suggest that we completely 
> eliminate any external dependencies by including Steve's code in the 
> plugin.
> -Thomas
> _______________________________________________
> olsr-dev mailing list
> (spam-protected)
> https://www.olsr.org/mailman/listinfo/olsr-dev

More information about the Olsr-dev mailing list