On Wednesday, February 13, 2013 at 3:36 PM, Antoine Pitrou wrote: > Donald Stufft <donald.stufft <at> gmail.com (http://gmail.com)> writes: > > > > Why is it worse? SHA1 isn't terribly broken AFAIK. > > > > Because you lower the available entropy, "birthday paradox". > > How so? Collisions are highly unlikely on a non-broken 160-bit hash function. > I don't understand how the birthday paradox is a practical problem. > > Regards > > Antoine. Sorry I was wrong about why. I asked the Security Researcher at work (I'm not an expert, I just implement solutions the experts come up with ;) )
bcrypt(sha1(plaintext)) is bad because sha1 shouldn't be used because it's been "broken". bcrypt(sha256(plaintext)) is better than just plain bcrypt(plaintext) because because only considers a maximum number of characters (I believe it's in the 50's). So basically bcrypt of a hash is secure as long as the hash is secure, but sha1 shouldn't be considered secure anymore. However Passlib doesn't have a bcrypt + hash backend and I would be loathe to suggest PyPI permanently switch to a custom untested/not widely used backend.
_______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
