[Openswan Users] HMAC-SHA2-128 ?

Paul Wouters paul at xelerance.com
Mon Jul 20 10:11:53 EDT 2009

On Mon, 20 Jul 2009, Nguyễn Hoàng Anh wrote:

> Thanks, Paul, for your reply. But someone says that HMAC-SHA2-128 is more secure than
> HMAC-SHA1-96, because the SHA1 hash algorithm has been cracked!! I think the strength of the HMAC
> algorithm does not depend on the hash algorithm. Is that true?

SHA2 might be stronger, but there is not that much difference between SHA1 and SHA2.
It is expected that if one falls, the other follows suit.

Especially the HMAC method is not vulnerable to any of the currently going pre-image
attacks. Openswan does not support any "crackable" ciphers or hashes, unless you
recompile with WEAK_CIPHERS.

