SHA1 for HMAC

coreybrett

I understand the defaults in 2.4.4 were updated to reflect modern crypto.
I'm curious why SHA1 is considered weak for the hash.
Is there a performance diff between SHA1 and SHA256?

According to these articles, SHA1 is still ok for HMAC.
But perhaps something has changed since they were written?

https://vikingvpn.com/blogs/transparency/understanding-googles-sha-1-collision-and-openvpn-hmac-sha1

https://blog.equinux.com/2017/03/sha-1-collision-and-what-it-means-for-your-vpn-security/

jimp

Though SHA1 may still be safe right now, if your goal is "secure by default" why pick something you know is a ticking time bomb?

There may be a performance difference between SHA1 and SHA256 but it largely depends on your hardware and workload.

If that bothers you, use AES-GCM which does the encryption and hashing in one (accelerated) step.

coreybrett

Thanks for the feed back.
Can I do GCM with a PSK S2S tunnel?

jimp

With IPsec, yes. With OpenVPN, no. OpenVPN shared key mode isn't compatible with GCM (IIRC it requires SSL/TLS)