SHA1 for HMAC
-
I understand the defaults in 2.4.4 were updated to reflect modern crypto.
I'm curious why SHA1 is considered weak for the hash.
Is there a performance diff between SHA1 and SHA256?
According to these articles, SHA1 is still ok for HMAC.
But perhaps something has changed since they were written?
https://vikingvpn.com/blogs/transparency/understanding-googles-sha-1-collision-and-openvpn-hmac-sha1
https://blog.equinux.com/2017/03/sha-1-collision-and-what-it-means-for-your-vpn-security/
-
Though SHA1 may still be safe right now, if your goal is "secure by default" why pick something you know is a ticking time bomb?
There may be a performance difference between SHA1 and SHA256 but it largely depends on your hardware and workload.
If that bothers you, use AES-GCM which does the encryption and hashing in one (accelerated) step.
-
Thanks for the feedback.
Can I do GCM with a PSK S2S tunnel?
-
With IPsec, yes. With OpenVPN, no. OpenVPN shared key mode isn't compatible with GCM (IIRC it requires SSL/TLS).