On 23. mars 2011, at 10:48, pranab sahoo <[email protected]> wrote: > can we use any other algorithm than md5 during registration process?
Quick question... Why would you want to? I suspect you might be trying to fix a problem you don't have. Sure, weaknesses have been found in md5, but those relate to collitions, not backtracking to find what was hashed. The weaknesses can be used to make a hash over something, have the hash signed, and then replace what was hashed, with the hash being identical, and thus making it possible to make falsified ssl certificates and similar. Those attacks do not break http digest auth. Terje (who has been out of the game a bit, so might not have caught absolutely everything about md5) _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
