-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1
On Thursday, 03.01.2008 at 13:01 -0500, scott wrote:
> Referencing:

quoted text
> http://www.cse-cst.gc.ca/services/crypto-services/crypto-algorithms-e.html

>

> It is now 2008 and, per above link, the CSE de-lists certain HASH and

> HMAC standards and algorithms, namely sha-1 is bumped to sha-224 (as a

> minimum) including its downstream incorporations/reliances.

>

> With regard to openBSD's the broad sheet of crypto software -- ssh in

> particular but not just ssh -- in so far as I can see from userland

> (aka a non-developer) the userland user-interface presently limits in

> places to sha-1.

>

> Not saying that oBSD is/isn't/should/shall be CSE compliant but rather

> working from the premise that the CSE document is of merit and any

> such de-listings are noteworthy, will the 2008 openBSD releases 4.3

> and 4.4 include -- i.e. pace -- and make usable at the userland

> user-interface levels (e.g. sshd_config > MACs, et al) the modern

> standards and algorithms.

The above is an interesting issue.
A related issue: is there any simple way to, say, disable use of a

particular algorithm entirely?  For example, if a serious compromise is

found in an algorithm, can use of it (through whichever context: ssh,

gpg, hashing, something else) be disabled?
Dave.

- --

Dave Ewart davee@sungate.co.uk, jabber:davee@jabber.org, freenode:davee

All email from me is now digitally signed, http://www.sungate.co.uk/

Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92

iD8DBQFHk2Q4nhBnac0o2pIRApAeAKDJ6xVaFLePpCYdEhAS1LNUeixkRQCgt4yt

E/bW1rD0EcGk1Omg5Yns8QA=

=sbH3

-----END PGP SIGNATURE-----