On 03/10/17 18:51, Robin H. Johnson wrote: > On Tue, Oct 03, 2017 at 09:45:43AM +0200, Tomas Mraz wrote: >> On Tue, 2017-10-03 at 08:23 +0100, Matt Caswell wrote: >>> >>>> 1.2. This also opens the path to stronger key derivation (PBKDF2) >>>> 2. During decryption, if no header block is present, and no message >>>> digest was specified, the default digest SHOULD be MD5. >>> >>> Should it? What about compatibility with OpenSSL 1.1.0? We cannot >>> make >>> breaking changes in 1.1.1, so it has to be compatible with 1.1.0. >> Yeah, the ship has sailed. SHA-256 should be used by default as in >> 1.1.0. > It's a breaking change from 1.0.
As Tomas said - that ship has sailed. In my mind that change was a mistake. It could have been done in a non-breaking way by introducing a new header format at that time. That way if the header was not present then we would have known to use MD5 - otherwise use the hash as specified in the header. But its too late now. Breaking it again back to what it was before is the wrong answer. > At the very least, it should be added to the big notes: > https://www.openssl.org/news/openssl-1.1.0-notes.html > (this was in fact the first place I looked when my data was broken, > there was nothing about the enc tool here). Well in fact it is there: *) Changed default digest for the dgst and enc commands from MD5 to sha256 [Rich Salz] Perhaps that is a little brief - it doesn't really explain the implications of the change. Matt
signature.asc
Description: OpenPGP digital signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev