OASIS Mailing List Archives

 



office message



Subject: Re: [office] Passwords


On Tue, 2006-28-11 at 10:08 +0100, David Faure wrote:
> On Tue Nov 28 2006, Patrick Durusau wrote:
> > Shouldn't encryption of the password be considered as application specific?
> 
> This would simply kill interoperability. Why don't we standardize the hash function instead?

Or provide a short list of acceptable hash functions. For example: SHA1,
SHA256 and SHA512.

I'm a tad hesitant about SHA1 because it's been "broken", but only for
finding collisions:

http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

So, you shouldn't use SHA1 for digital signatures, but AFAICT it's still
perfectly good for encryption and password purposes where you are not
looking for collisions but a pre-image.

The reason I suggest a list is that not everyone might want to use
SHA512 for their passwords, as it's overkill, but we shouldn't disallow
people who do want to use SHA512.

Cheers,
Daniel.
-- 
"I AM in shape. Round IS a shape."
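
The short list proposed in the message above, sketched as an added example (not part of the original message or of the OpenDocument specification): the writing application records which hash function it used, and the reading application accepts only names on the agreed list. The identifier strings, the function names and the UTF-8 password encoding are assumptions made for this example.

```python
import hashlib
import hmac

# The short list proposed in the message. The identifier strings are
# assumptions for this example, not names from the OpenDocument spec.
ACCEPTED = {
    "SHA1": hashlib.sha1,
    "SHA256": hashlib.sha256,
    "SHA512": hashlib.sha512,
}


class UnsupportedAlgorithm(ValueError):
    """The document names a hash function outside the agreed list."""


def _digest(password, algorithm):
    if algorithm not in ACCEPTED:
        # Fail closed: an unknown name is an error, never a match.
        raise UnsupportedAlgorithm(algorithm)
    # Assumption: both sides encode the password as UTF-8. Interoperability
    # needs the encoding fixed as well as the hash function.
    return ACCEPTED[algorithm](password.encode("utf-8")).hexdigest()


def protect(password, algorithm):
    """Writer side: the (algorithm, hex digest) pair stored in the document."""
    return algorithm, _digest(password, algorithm)


def verify(password, algorithm, stored_hex):
    """Reader side: recompute with the declared function and compare."""
    candidate = _digest(password, algorithm)
    stored = stored_hex.strip().lower()  # tolerate upper-case hex
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(candidate.encode("ascii"), stored.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample: one application writes with SHA512, another with
    # SHA1; a reader that knows the list can check either document.
    for name in ("SHA512", "SHA1"):
        algorithm, stored = protect("correct horse", name)
        print(algorithm, verify("correct horse", algorithm, stored),
              verify("wrong guess", algorithm, stored))
```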
