On 10/22/14, 9:32 AM, Daurnimator wrote:
On 22 October 2014 09:57, Tobias Markmann wrote:

I think using a more secure hash function would be beneficial for reducing code. Secure wireless constrained applications are likely to already include a high-security cryptographic hash function. Using this hash function would avoid the need of implementing MD5 at all. Maybe hash agility could also be useful in this case. So clients, I think this is the main deployment target for a constrained device, can pick the one already available. Servers, which are likely to have more power, can then simply use the same hash as the client.

I would think SHA-1 a better choice than MD5 at least. And clients will already need it for capabilities: http://xmpp.org/extensions/xep-0115.html#security-mti

See also RFC 6151, which states that MD5 "is no longer acceptable where collision resistance is required" (such as in digital signatures).
We can do better than MD5 these days.

Peter

--
Peter Saint-Andre
https://andyet.com/
