Sat Feb 19 13:21:06 PST 2005
I'm not sure if SHA1 is used anywhere in host ap without looking, but
I'm sure its used quiet widely. At any rate if anyone sees a free (non
GPL) implementation of SHA256 could you please let me know and I will
replace that code in my system.
SHA1 is sufficiently broken that its better to just make the change
now than deal with waiting until someone actually finds a way to
exploit it. I don't think the later is too likely anytime soon,
but why risk it.
p.s. If anyones curious slashdot has links on SHA1's breaks.
More information about the Hostap