> On Feb 27, 2017, at 3:51 PM, Bob Friesenhahn <bfrie...@simple.dallas.tx.us> > wrote: > > Are you somehow depending on sqlite3 for a SHA-1 implementation? That would > be strange.
I’m genuinely mystified by this statement. Why would the extension be included if not for people to use it? (I’m not using this extension myself. But I am in the process of investigating the Shattered vulnerability and filing issues against the components of our software that use SHA-1, and thinking about how to upgrade them to use SHA-256 or SHA-3.) > The SHA-1 implementation in SQLite is surely intended to ease certain aspects > of SQLite development If it were for internal use only, why expose it publicly as an extension, and incur the overhead of having to support it and keep its API consistent? —Jens _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
