RE: [Passwordsafe-devel] The SHA-1 News
From: Jim.Hyslop <Jim.Hyslop@Leitch.com> - 2005-02-17 14:42:19
J. Wren Hunt wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1

BTW, anyone else notice the irony here? :=)

> While good practice would dictate that we need to
> think about moving off of SHA-1, it's not something that has
> to be done in the short term to keep our data safe.

I'd agree with that, especially since we don't know the details of the attack yet. "Prudent but not urgent - yet" is probably a good phrase to apply. Further details of the attack, when announced, may raise the urgency.

I think an announcement at the Sourceforge web site would be warranted.

If anyone is really concerned, what can they do in the short term? Encrypt the .dat file separately?

Has any thought been given to allowing users to select the hash algorithm?

-- 
Jim Hyslop
Senior Software Designer
Leitch Technology International Inc. ( http://www.leitch.com )
Columnist, C/C++ Users Journal ( http://www.cuj.com/experts )