Evaldo Gardenali wrote:

> The SHA2 family of functions is now required for security-demanding
> systems, as sha1 is not Pareto-secure[1] anymore. I am happy to see that
> the NetBSD base comes with 0.9.8* now, but at the same time, I wonder
> WHY the sha2 functions are not included. Specifically speaking, SHA256,
> SHA384 and SHA512 algorithms. It would be of crucial importance that
> these algorithms are released with 4.0 too, and maybe even 3.1, if we
> want to keep playing on high-security environments.

i added sha2 to userland exactly a year ago. our cksum(1) supports them,
as well as mtree(8). all documented.

> $ uname -a
> NetBSD winston.XXX.YYY 4.99.1 NetBSD 4.99.1 (WINSTON) #1: Tue Aug 22
> 13:41:26 BRT 2006 
> root@winston.XXX.YYY:/usr/src/sys/arch/i386/compile/WINSTON i386
> 
> $ openssl version
> OpenSSL 0.9.8b 04 May 2006
> 
> $ openssl help
> <snip>
> Message Digest commands (see the `dgst' command for more details)
> md2            md4            md5            rmd160        
> sha           sha1          <snip>

i don't know about openssl, but try 'man sha2'.

> We at CAcert.org are moving towards SHA2 algorithms, and we are
> researching on which systems support them already for better integration
> [2]
> 
> 
> References:
> [1] http://iang.org/papers/pareto-secure.html
> [2] http://wiki.cacert.org/wiki/HashInterop

-e.

-- 
Elad Efrat