Hello everybody, I found out that (at least in 2.4.0) the "RedlineProtectionKey" is stored as a simple SHA-1 [1], which allows dictionary attacks.
Could you please add some SALT to it, and possibly do some iterations (like it's already done for document encryption - http://www.w3.org/TR/xmlenc-core/) for 3.0? Thank you very much. Regards, Phil 1: http://lxr.go-oo.org/source/util/svtools/source/misc1/PasswordHelper.cxx#043 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
