I'm not an expert on cryptography, but I usually read posts by Bruce Schneier, a great expert on this topic. And when he says "It's time for us all to migrate away from SHA-1." (it's the same for MD5), I prefer not to think of it as a very remote possibility, especially when there are safer alternatives.
I recommend reading this post:
http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

On Jul 2, 7:22 pm, Christopher Arndt <[EMAIL PROTECTED]> wrote:
> Kless wrote:
>
> > I've seen that TG2 creates a model for identity with md5 and sha1
> > hash algorithms.
>
> > It has been known for several years that those algorithms have collision
> > weaknesses, and they aren't secure neither using . There is a lot of
> > information about this.
>
> > Please change them to something more secure such as SHA2, and that it's
> > possible to use on Python 2.5 [1]
>
> We can't use a function that's only available in Python 2.5 by default,
> since we are committed to supporting Python 2.4 in TG >1.0 and TG2 as
> well. We could include this hashing algorithm as an alternative though
> or provide our own implementation of it. Do you have one?
>
> Anyway, how would an attack based on these weaknesses actually work? A
> collision, AFAIK, means that two plain-text messages can produce the
> same hash. Since the hashing functions are used for encrypting (or
> rather hashing) passwords, this means that there is the possibility that
> two passwords would lead to the same hash. Which, in the worst case may
> mean that the chances of breaking the password by brute force are
> halved, am I right?
>
> Does not sound so serious, IMHO.
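
As an added example (not code from TurboGears or from anyone in this thread), one way an identity model could move off md5/sha1 password hashes without forcing resets: each stored value carries a scheme tag, legacy rows still verify, and a successful login on a legacy row returns a replacement hash to store. The tag format, function names and iteration count are assumptions of this example, and it uses PBKDF2-HMAC-SHA256 from Python 3's `hashlib` (a salted, iterated SHA-2 construction) rather than a bare SHA-2 digest.

```python
import hashlib
import hmac
import os

# Legacy unsalted digests named in the thread; kept only so old rows still verify.
LEGACY = {"md5": hashlib.md5, "sha1": hashlib.sha1}
ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password, salt=None):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Return (ok, replacement).

    replacement is a freshly computed hash when a legacy md5/sha1 row matched,
    so the caller can overwrite the stored value; otherwise it is None.
    """
    scheme, _, rest = stored.partition("$")
    data = password.encode("utf-8")
    if scheme in LEGACY:
        computed = LEGACY[scheme](data).hexdigest().encode("ascii")
        ok = hmac.compare_digest(computed, rest.encode("utf-8"))
        return ok, (hash_password(password) if ok else None)
    if scheme == "pbkdf2_sha256":
        try:
            iterations, salt_hex, digest_hex = rest.split("$")
            expected = bytes.fromhex(digest_hex)
            actual = hashlib.pbkdf2_hmac(
                "sha256", data, bytes.fromhex(salt_hex), int(iterations)
            )
        except (ValueError, OverflowError):
            return False, None  # malformed stored value: reject
        return hmac.compare_digest(actual, expected), None
    return False, None  # unknown scheme tag: reject
```
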
