Raise default crypto algorithms to AES256 and SHA256.

In light of recent improvements in attacks on SHA1, the default hash
algorithm in tinc is now SHA256. At the same time, the default symmetric
encryption algorithm has been changed to AES256.
Guus Sliepen 2009-09-15 12:08:05 +02:00
parent 633c0cf1b0
commit 4bb3793e38


@ -362,14 +362,14 @@ bool setup_myself(void)
}
}
} else
myself->incipher = EVP_bf_cbc();
myself->incipher = EVP_aes_256_cbc();
if(myself->incipher)
myself->inkeylength = myself->incipher->key_len + myself->incipher->iv_len;
else
myself->inkeylength = 1;
myself->connection->outcipher = EVP_bf_ofb();
myself->connection->outcipher = EVP_aes_256_ofb();
if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
keylifetime = 3600;
@ -390,9 +390,9 @@ bool setup_myself(void)
}
}
} else
myself->indigest = EVP_sha1();
myself->indigest = EVP_sha256();
myself->connection->outdigest = EVP_sha1();
myself->connection->outdigest = EVP_sha256();
if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->inmaclength)) {
if(myself->indigest) {
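Review bot: The new default at `myself->indigest = EVP_sha256();` does not by itself lengthen the per-packet authentication tag, because the tag is truncated to `MACLength` (read into `myself->inmaclength` on the following line) and the default for that value is set outside this hunk. If that default truncation is short, forgery resistance stays bounded by the tag length rather than by the digest, so it is worth confirming the default and raising it alongside this change if needed. I would also add a comment at the two digest assignments, e.g. `/* default digest; effective tag strength is limited by MACLength */`. The `outcipher` and `outdigest` assignments sit after the unbraced `else` and so apply unconditionally; whether peers built with the old defaults still interoperate cannot be told from these hunks and should be stated in the commit message. `setup_myself()` begins and ends outside the visible hunks.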