Robert Rothenberg <[email protected]> writes:

>Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm
>and number of iterations.
>
>The default algorithm is HMAC-SHA1, which should only be used for legacy
>systems.

Minor nit, there's actually nothing wrong with HMAC-SHA1 since the HMAC
construct prevents all of the attacks on SHA1.  Even the rather broken MD5 is
still fine if used in an HMAC construct.

Peter.

Reply via email to