On Tue, Oct 03, 2017 at 09:45:43AM +0200, Tomas Mraz wrote: > On Tue, 2017-10-03 at 08:23 +0100, Matt Caswell wrote: > > > > > 1.2. This also opens the path to stronger key derivation (PBKDF2) > > > 2. During decryption, if no header block is present, and no message > > > digest was specified, the default digest SHOULD be MD5. > > > > Should it? What about compatibility with OpenSSL 1.1.0? We cannot > > make > > breaking changes in 1.1.1, so it has to be compatible with 1.1.0. > Yeah, the ship has sailed. SHA-256 should be used by default as in > 1.1.0. It's a breaking change from 1.0.
At the very least, it should be added to the big notes: https://www.openssl.org/news/openssl-1.1.0-notes.html (this was in fact the first place I looked when my data was broken, there was nothing about the enc tool here). -- Robin Hugh Johnson Gentoo Linux: Dev, Infra Lead, Foundation Asst. Treasurer E-Mail : robb...@gentoo.org GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136
Description: Digital signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev