DH.derive_key uses SHA1, which is deprecated

Question

DH.derive_key uses SHA1, which is deprecated

UnixJunkie opened this issue 5 years ago · 3 comments

As a European citizen, I would prefer RIPEMD160, but I am not a specialist of those things.

Answer 1 · 2019-09-27T01:11:19.000Z

A specialist advises SHA256:
https://crypto.stackexchange.com/questions/957/ripemd-versus-sha-x-what-are-the-main-pros-and-cons

Answer 2 · 2019-09-29T14:38:36.000Z

Fixed by #20 .

Answer 3 · 2019-09-30T03:38:16.000Z

Thanks for your responsiveness.
Maybe a new minor release (a git tag) is in order, so that the opam package can be updated.
I know that a fix related to zlib was included recently.