http://xkcd.com/538/ Sorry, I couldn't help myself :).
On Tue, Feb 3, 2009 at 8:51 AM, robert <[email protected]> wrote: > > Depending on the nature of your application, keep in mind that both > MerbAuth and restful auth use SHA1 for hashing, which was broken 3 > years ago by collision. > > SSL, which most providers use MD5 for hashing was also broken and it's > proven that you can create repeatable collisions at will and it's only > a matter time until the same is true for SHA1 as more studying is > being done in China. > > Just some things to keep in mind when thinking about the security of > your application. > --~--~---------~--~----~------------~-------~--~----~ SD Ruby mailing list [email protected] http://groups.google.com/group/sdruby -~----------~----~----~----~------~----~------~--~---
