T7338: Make SHA1 non-FIPS and differentiate in the SLI
Werner Koch
wk at gnupg.org
Thu Feb 13 17:42:23 CET 2025
On Wed, 12 Feb 2025 15:08, Lucas Mulling said:
> On Wed Feb 12, 2025 at 9:50 AM -03, Clemens Lang wrote:
>> If you do a FIPS validation now, you’ll likely get a certificate in
>> ~2 years, which then won’t be valid for 5, but only 3, because the
>> build included support for SHA1.
Makes some sense iff we are not allowed to extend the API.
> Yes, also note that operations with SHA1 are not blocked by default, and
> should work normally unless GCRY_FIPS_FLAG_REJECT_MD_SHA1 is explicitly set.
Alright. Then let's add this too.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein