On 2015/09/15 15:59, Michael McConville wrote: > Christian Weisgerber wrote: > > The latest amd64 package build has revealed a number of ports that are > > broken after the l2k15 hackathon. > > > > A number of ports use SHA-0. It doesn't look like important > > functionality, more like, let's support it because OpenSSL offers it: > > > > [...] > > security/john-jumbo > > [...] > > This may actually be a functionality loss for john. It bruteforces > encrypted or hashed passwords, so it supports old and weird algorithms. > > Maybe it can pull SHA-0 from a package. Or maybe no one needs to > bruteforce anything that uses SHA-0 and SHA-0 support can be patched out > without complaint. We could also talk to upstream about adding a preproc > condition. >
I've just removed SHA-0 support for now. If somebody has a particular use for this they could try linking it against OpenSSL from ports as a separate flavour (like done in sslscan) and make the rm's for this and KRB4 (using the old libdes-compatible API) conditional.
