Thanks for reply, my approach was also to suggest some changes to GuardPlugins. Somehow to encourage developers to use safer/stronger algorithms, because there are only md5 and sha1 mentioned and possibility of changing them (but i don't think they will stop and consider using other algo). Or maybe make default stronger?
Thanks, Maciej On 24 Cze, 12:04, Marc Weistroff <[email protected]> wrote: > You can provide custom hash functions/methods to sfDoctrineGuardPlugin. > > Please have a look > there:http://trac.symfony-project.org/browser/plugins/sfDoctrineGuardPlugin... > > Marc > > On Thu, Jun 24, 2010 at 12:02 AM, Maciej Rumianowski < > > [email protected]> wrote: > > Hi, > > > I'm wondering if symfony is going to use new safer hash functions. I'm > > using sfGuardPlugin which uses md5 and sha1 (I didn't check it in > > Doctrine's). NSA or NIST (I don't know which one) suggested that new > > applications (build to be use after 2010) should use SHA-2 or similar. > > > As of PHP 5.1.2 I suppose, there is hash() function which has long list > > of algorithms to use, shouldn't it be better to use these algos? > > > Moreover I read on > > >http://laurent.bachelier.name/2010/04/and-i-thought-sfdoctrineguardpl... > > …/ > > that instead rand() mt_rand() should be use. > > > Thanks > > Maciej Rumianowski > > > -- > > If you want to report a vulnerability issue on symfony, please send it to > > security at symfony-project.com > > > You received this message because you are subscribed to the Google > > Groups "symfony developers" group. > > To post to this group, send email to [email protected] > > To unsubscribe from this group, send email to > > [email protected]<symfony-devs%[email protected]> > > For more options, visit this group at > >http://groups.google.com/group/symfony-devs?hl=en -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
