Raise default crypto algorithms to AES256 and SHA256.
authorGuus Sliepen <guus@tinc-vpn.org>
Tue, 15 Sep 2009 10:08:05 +0000 (12:08 +0200)
committerGuus Sliepen <guus@tinc-vpn.org>
Tue, 15 Sep 2009 10:08:05 +0000 (12:08 +0200)
In light of the recent improvements of attacks on SHA1, the default hash
algorithm in tinc is now SHA256. At the same time, the default symmetric
encryption algorithm has been changed to AES256.

src/net_setup.c

index d45cb1bbd80ee7906e041debd6c2118235f1effe..3c4bf48c71607795b8c5f4bedbc44436ef2e1991 100644 (file)
@@ -362,14 +362,14 @@ bool setup_myself(void)
                        }
                }
        } else
-               myself->incipher = EVP_bf_cbc();
+               myself->incipher = EVP_aes_256_cbc();
 
        if(myself->incipher)
                myself->inkeylength = myself->incipher->key_len + myself->incipher->iv_len;
        else
                myself->inkeylength = 1;
 
-       myself->connection->outcipher = EVP_bf_ofb();
+       myself->connection->outcipher = EVP_aes_256_ofb();
 
        if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
                keylifetime = 3600;
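Review bot: The `outcipher` line hard-codes `EVP_aes_256_ofb()` for the connection, and OFB is a keystream mode that gives confidentiality only, so the stronger cipher does not by itself protect that traffic against modification. Whether a MAC covers it is not visible in this hunk and should be confirmed. The new default on the `else` branch also grows `inkeylength` (computed just below as `key_len + iv_len`) from Blowfish's 16 + 8 bytes to AES-256's 32 + 16, so any fixed-size key buffer elsewhere, if one exists, must hold 48 bytes. A comment on the default such as `/* default when no cipher is configured: AES-256-CBC (was Blowfish-CBC) */` would record the change for nodes that rely on defaults. The body of setup_myself starts and ends outside the hunk.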
@@ -390,9 +390,9 @@ bool setup_myself(void)
                        }
                }
        } else
-               myself->indigest = EVP_sha1();
+               myself->indigest = EVP_sha256();
 
-       myself->connection->outdigest = EVP_sha1();
+       myself->connection->outdigest = EVP_sha256();
 
        if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->inmaclength)) {
                if(myself->indigest) {
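Review bot: Moving `indigest` to `EVP_sha256()` strengthens packet authentication only as far as the tag length allows, and the `MACLength` lookup on the following line presumably decides how many digest bytes are kept. The fallback used when that option is absent lies outside this hunk and should be reviewed with this change, so that a short default tag does not make the digest choice irrelevant. `outdigest` is also set unconditionally to `EVP_sha256()`, with no configuration path visible here. A comment on the `else` branch such as `/* default when no digest is configured: SHA-256 (was SHA-1) */` would document the new default. setup_myself continues outside the hunk.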