Robert Rothenberg <[email protected]> writes: >Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm >and number of iterations. > >The default algorithm is HMAC-SHA1, which should only be used for legacy >systems.
Minor nit, there's actually nothing wrong with HMAC-SHA1 since the HMAC construct prevents all of the attacks on SHA1. Even the rather broken MD5 is still fine if used in an HMAC construct. Peter.
