Well, it's better to give more options and that the owner developer been who decides about the security on its application.
It's very easy to add more safer hash algorithms. On Jul 2, 7:56 pm, Christopher Arndt <[EMAIL PROTECTED]> wrote: > Patrick Lewis schrieb: > > > Not saying that a stronger hash is a bad thing, but that the existing > > implementation is still pretty good for its intended purpose. > > That's what I was trying to say. > > Also, the attack on SHA1 seems to be considerably more > computing-intensive, so I think with these two factors put together it > is still safe to recommended storing passwords a SHA1 hashes. > > Chris --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears Trunk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears-trunk?hl=en -~----------~----~----~----~------~----~------~--~---
