Robert Denier denier
Sat Feb 19 13:21:06 PST 2005

I'm not sure if SHA1 is used anywhere in host ap without looking, but
I'm sure its used quiet widely.  At any rate if anyone sees a free (non
GPL) implementation of SHA256 could you please let me know and I will
replace that code in my system.

SHA1 is sufficiently broken that its better to just make the change
now than deal with waiting until someone actually finds a way to
exploit it.  I don't think the later is too likely anytime soon, 
but why risk it.


p.s. If anyones curious slashdot has links on SHA1's breaks.

More information about the Hostap mailing list