Subject: Re: [office] Passwords
On Tue, 2006-28-11 at 10:08 +0100, David Faure wrote:
> On Tue Nov 28 2006, Patrick Durusau wrote:
> > Shouldn't encryption of the password be considered as application specific?
>
> This would simply kill interoperability.

Why don't we standardize the hash function instead? Or provide a short list of acceptable hash functions. For example: SHA1, SHA256 and SHA512.

I'm a tad hesitant about SHA1 because it's been "broken", but only for finding collisions:

http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

So, you shouldn't use SHA1 for digital signatures, but AFAICT it's still perfectly good for encryption and password purposes where you are not looking for collisions but a pre-image.

The reason I suggest a list is that not everyone might want to use SHA512 for their passwords, as it's over-kill, but we shouldn't disallow people who do want to use SHA512.

Cheers,
Daniel.
--
"I AM in shape. Round IS a shape."
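The short-list proposal in the message above, sketched as an added example that is not part of the original post or of any ODF specification text. The record layout (algorithm name plus hex digest), the function names and the UTF-8 encoding are assumptions; the message fixes none of them.

```python
import hashlib
import hmac

# Short list from the message, mapped to hashlib names.
ALLOWED = {"SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}


class UnsupportedAlgorithm(ValueError):
    """Raised when a record names a hash outside the agreed list."""


def password_digest(password: str, algorithm: str, encoding: str = "utf-8") -> str:
    """Hex digest of the password under one of the listed algorithms.

    The text encoding is an assumption: two applications interoperate only
    if they hash the same bytes, so it has to be fixed alongside the hash.
    """
    try:
        name = ALLOWED[algorithm.upper()]
    except KeyError:
        raise UnsupportedAlgorithm(algorithm) from None
    return hashlib.new(name, password.encode(encoding)).hexdigest()


def make_record(password: str, algorithm: str = "SHA256") -> dict:
    """What a producing application would store (hypothetical layout)."""
    return {"algorithm": algorithm, "digest": password_digest(password, algorithm)}


def verify(record: dict, candidate: str) -> bool:
    """Check a candidate password against a record written by any producer."""
    expected = password_digest(candidate, record["algorithm"])
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(expected, record["digest"].lower())


if __name__ == "__main__":
    # Constructed records, as three different producers might write them.
    for algo in ("SHA1", "SHA256", "SHA512"):
        rec = make_record("correct horse", algo)
        print(algo, len(rec["digest"]) * 4, "bits", verify(rec, "correct horse"))
    try:
        verify({"algorithm": "VENDOR-X", "digest": "00"}, "correct horse")
    except UnsupportedAlgorithm as exc:
        print("rejected unlisted algorithm:", exc)
```

A consumer that meets an algorithm name outside the list fails closed with `UnsupportedAlgorithm` instead of guessing, which is the interoperability property the list is meant to give.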