tpm2-software / tpm2-tools

The source repository for the Trusted Platform Module (TPM2.0) tools
https://tpm2-software.github.io

Why is SHA1 the default hashing algorithm in tpm2-tools? #3340

Open tomoveu opened 9 months ago

tomoveu commented 9 months ago

It looks like SHA1 is the default hashing algorithm for tpm2_hash. Could we change this to SHA256 or anything that is not deprecated?

root@9ac55cfa586b:~/lab/chapter_D# tpm2_hash -o hash.txt --hex random.bin
root@9ac55cfa586b:~/lab/chapter_D# cat hash.txt 
0d0cda9c13ececee74e8c61bf363233a906f6b84
root@9ac55cfa586b:~/lab/chapter_D# sha1sum random.bin 
0d0cda9c13ececee74e8c61bf363233a906f6b84  random.bin

where random.bin is just 64 bytes of random data as produced by tpm2_getrandom.
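
Added example, not part of the original issue and not tpm2-tools code: the post's `sha1sum` comparison generalized into a check that reports which SHA variant a hex digest corresponds to and rejects SHA-1, plus a wrapper that names the algorithm explicitly with `tpm2_hash -g sha256`. The function names are hypothetical, and the coreutils `sha1sum`/`sha256sum`/`sha384sum`/`sha512sum` tools are assumed to be installed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of tpm2-tools.

# Print which SHA variant of FILE equals HEX (as written by `tpm2_hash --hex`).
# Prints "unknown" and returns 1 when no variant matches.
digest_alg_for() {
    file=$1
    hex=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d ' \n')
    for alg in sha1 sha256 sha384 sha512; do
        # coreutils prints "<hex>  <name>"; keep only the digest field
        ref=$("${alg}sum" < "$file" | cut -d' ' -f1)
        if [ "$hex" = "$ref" ]; then
            printf '%s\n' "$alg"
            return 0
        fi
    done
    printf 'unknown\n'
    return 1
}

# Return 0 only when HEX is a non-SHA-1 digest of FILE.
# Returns 1 for SHA-1 and 2 when HEX matches no known digest of FILE.
require_non_sha1() {
    alg=$(digest_alg_for "$1" "$2") || {
        echo "digest matches no known SHA of $1" >&2
        return 2
    }
    if [ "$alg" = sha1 ]; then
        echo "SHA-1 digest for $1" >&2
        return 1
    fi
    return 0
}

# Hash FILE ($1) on the TPM into OUT ($2), naming the algorithm explicitly
# instead of relying on the default, then confirm what was written.
tpm2_hash_sha256() {
    tpm2_hash -g sha256 --hex -o "$2" "$1" &&
        require_non_sha1 "$1" "$(cat "$2")"
}

# Constructed offline demo (no TPM needed): a SHA-1 digest is rejected.
tmp=$(mktemp)
printf 'constructed sample' > "$tmp"
require_non_sha1 "$tmp" "$(sha1sum < "$tmp" | cut -d' ' -f1)" ||
    echo "rejected as expected"
rm -f "$tmp"
```
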

tomoveu commented 9 months ago

ping @williamcroberts @idesai

tomoveu commented 8 months ago

@idesai, thank you Imran