Re: [PATCH] crypto: pkcs7: remove sha1 support

2023-10-19 Thread Herbert Xu
On Tue, Oct 10, 2023 at 10:22:38PM +0100, Dimitri John Ledkov wrote:
> Removes support for sha1 signed kernel modules, importing sha1 signed
> x.509 certificates.
>
> rsa-pkcs1pad keeps sha1 padding support, which seems to be used by
> virtio driver.
>
> sha1 remains available as there are many d

Re: [PATCH] module: Do not offer sha224 for built-in module signing

2023-10-19 Thread Herbert Xu
On Tue, Oct 10, 2023 at 10:26:33PM +0100, Dimitri John Ledkov wrote:
> sha224 does not provide enough security against collision attacks
> relative to the default keys used for signing (RSA 4k & P-384). Also
> sha224 never became popular, as sha256 got widely adopted ahead of
> sha224 being introdu

Re: [PATCH] crypto: Limit MODULE_SIG_KEY_TYPE_ECDSA to SHA384 or SHA512

2023-10-19 Thread Herbert Xu
On Tue, Oct 10, 2023 at 10:27:55PM +0100, Dimitri John Ledkov wrote:
> NIST FIPS 186-5 states that it is recommended that the security
> strength associated with the bit length of n and the security strength
> of the hash function be the same, or higher upon agreement. Given NIST
> P384 curve is us
