OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [office] Passwords

On Tue, 2006-28-11 at 10:08 +0100, David Faure wrote:
> On Tue Nov 28 2006, Patrick Durusau wrote:
> > Shouldn't encryption of the password be considered as application specific?
> This would simply kill interoperability. Why don't we standardize the hash function instead?

Or provide a short list of acceptable hash functions. For example: SHA1,
SHA256 and SHA512.

I'm a tad hesitant about SHA1 because it's been "broken", but only for
finding collisions:


So, you shouldn't use SHA1 for digital signatures, but AFAICT it's still
perfectly good for encryption and password purposes where you are not
looking for collisions but a pre-image.

The reason I suggest a list is that not everyone might want to use
SHA512 for their passwords, as it's over-kill, but we shouldn't disallow
people who do want to use SHA512.

"I AM in shape. Round IS a shape."

This is a digitally signed message part

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]