Hi, I'm wondering if symfony is going to use new safer hash functions. I'm using sfGuardPlugin which uses md5 and sha1 (I didn't check it in Doctrine's). NSA or NIST (I don't know which one) suggested that new applications (build to be use after 2010) should use SHA-2 or similar.
As of PHP 5.1.2 I suppose, there is hash() function which has long list of algorithms to use, shouldn't it be better to use these algos? Moreover I read on http://laurent.bachelier.name/2010/04/and-i-thought-sfdoctrineguardplugin-was-bad…/ that instead rand() mt_rand() should be use. Thanks Maciej Rumianowski -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
