On 06/ 9/14 04:04 AM, Pali Rohár wrote:
> I think that the security flaws found in openssl/gnutls in the last days/months are a
> very good reason to not use it - when it is not needed.

I believe all of those have been in the SSL/TLS layers, and not down in
the cryptographic hash primitives themselves.
One of the prime motivators we had for moving to an externally maintained
SHA-1 implementation for Xorg was to let someone else deal with all the
optimizations for specific CPUs and let us simply reap the benefits of
their work.
If you don't want to use one of the existing libraries, you can take your
own SHA-1 implementation, make it conform to one of the existing APIs and
simply build with it, but that seems like a lot of work to move from a known
good implementation to one that's probably not as good.
--
-Alan Coopersmith- [email protected]
Oracle Solaris Engineering - http://blogs.oracle.com/alanc