On Wed, Jul 2, 2008 at 7:27 PM, Kless <[EMAIL PROTECTED]> wrote: > > I've seen that TG2 creates a model for identity with md5 and sha1 > hash algorithms. > > Since several years ago is known that those algorithms have collision > weaknesses, and they aren't secure neither using . There are many > information about this. > > Please, change them to any more secure as SHA2, and that it's possible > of use on python 2.5 [1]
Thanks for the info. Any patch ? This is in the tg.ext.repoze.who plugin, so I accept any patch and suggestion. After all we're still alpha :) But these algos are used in tg1 also... so I could backport your patch to tg1 users also. Florent. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears Trunk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears-trunk?hl=en -~----------~----~----~----~------~----~------~--~---
