Thank you for the suggestion. As per the information I found, the version of OpenSSL on my system (0.9.7d) doesn't support SHA256/512. An upgrade from 0.9.7d to a later version is slated for the future.
--- On Tue, 27/10/09, Dan Anderson <opensolaris at drydog.com> wrote:

From: Dan Anderson <[email protected]>
Subject: Re: How to change the signature algorithm from MD5 to SHA1 in OpenSSL
To: security-discuss at opensolaris.org
Date: Tuesday, 27 October, 2009, 10:05 PM

If you're going to go through the trouble of changing the signature algorithm from MD5, choose a strong algorithm instead of another weak one. SHA1, although not as weak as MD5, is not recommended either. See this comment from NIST:

"NIST Comments on Cryptanalytic Attacks on SHA-1"
http://csrc.nist.gov/groups/ST/hash/statement.html

Basically, it says you should use the SHA2 family (SHA224, SHA256, SHA384, or SHA512).

# openssl.cnf
default_md = sha512
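The constraint discussed in this thread (the reply recommends `default_md = sha512`, while the poster's OpenSSL 0.9.7d lacks SHA-2), as an added example that is not part of the original messages: a shell script that probes which digests the local `openssl` build accepts and prints the strongest one as a `default_md` line. The `OPENSSL` override variable and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. OPENSSL names the binary to probe;
# the variable and all function names here are assumptions of this example.
OPENSSL=${OPENSSL:-openssl}

# Succeed if this build can hash empty input with the named digest.
# An unsupported digest makes `openssl dgst` exit non-zero.
supports_digest() {
    "$OPENSSL" dgst "-$1" </dev/null >/dev/null 2>&1
}

# Print the strongest digest the build supports; return 1 if none works.
pick_digest() {
    for d in sha512 sha384 sha256 sha224 sha1; do
        if supports_digest "$d"; then
            echo "$d"
            return 0
        fi
    done
    return 1
}

# Rate a digest name following the advice quoted in the thread.
digest_rating() {
    case "$1" in
        sha224|sha256|sha384|sha512) echo recommended ;;
        sha1) echo not-recommended ;;
        md5) echo weak ;;
        *) echo unknown ;;
    esac
}

# Read `openssl x509 -noout -text` output on stdin and print the
# signature algorithm actually used in the certificate.
sig_alg() {
    sed -n 's/^ *Signature Algorithm: *//p' | sed -n 1p
}

# Report what to put in openssl.cnf on this machine.
if md=$(pick_digest); then
    echo "default_md = $md    # $(digest_rating "$md")"
else
    echo "no usable digest found via $OPENSSL" >&2
fi
```

After regenerating a certificate, `openssl x509 -in cert.pem -noout -text | sig_alg` (with `cert.pem` as a placeholder file name) shows whether the new digest actually took effect.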
