Hi Doctor,
Form the docs:
SHA1 is the digest of choice for new applications.
It appears the docs are bit dated. Depending on the application, I
believe NIST recommends that new applications use SHA-2 family (circa
2006 [1]), and requires SHA-2 after 2010 [2]. Considering McDonald,
Hawkes, and Pieprzyk the security level of SHA-1 to 2^52 (Europcrypt
2009), SHA-2 should probably be recommended.
Jeff
[1] http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html
[2] http://csrc.nist.gov/publications/fips/fips180-3/fips180-3_final.pdf
[3] http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
On Tue, Oct 6, 2009 at 4:36 PM, Dr. Stephen Henson <st...@openssl.org> wrote:
> On Tue, Oct 06, 2009, Reid Thompson wrote:
>
>> On Tue, 2009-10-06 at 10:44 -0500, Dwight Schauer wrote:
>> > http://stackoverflow.com/questions/918676/generate-sha-hash-in-openssl
>> >
>> > Replace SHA1 with SHA256.
>> > Replace 20 with SHA256_DIGEST_LENGTH.
>> >
>> > Could someone point me to an example C program, docs that show how to
>> > generate a sha-256 digest for a buffer?
>>
>> [SNIP]
>
> Both of these use the low level APIs which are deprecated.
>
> The approved technique is using EVP.
>
> http://www.openssl.org/docs/crypto/EVP_DigestInit.html#EXAMPLE
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
>
> [SNIP]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
