SHA-1 is no longer cryptographically sound. We should be using the SHA-2 class of hashes and probably set SHA-256 as the minimum.
boyd On 11/21/07 6:22 PM, "Joe Hildebrand" <[EMAIL PROTECTED]> wrote: > On Nov 21, 2007, at 1:12 PM, Peter Saint-Andre wrote: >> > 14. XEP-0115: Entity Capabilities >> > >> > Dave objected to removal of hash attribute and hardcoding to SHA-1, >> > since that is not future-proof. Peter agreed that this needs to be >> > included. > > > Are we realistically *ever* going to define a new hash algorithm? > Imagine the breakage that would ensue. > > This reminds me, though, that if we don't specify hash, the v > attribute cannot be optional for new caps; otherwise receivers won't > know whether this is an old or new caps declaration. > > -- > Joe Hildebrand > >
