From: Dannes W. <da...@ex...> - 2012-02-06 07:26:59
|
Hi, Thank you for your hard word of the last weeks......... On Sun, Feb 5, 2012 at 11:53 PM, Adam Retter <ad...@ex...> wrote: > 5) Password hashing has changed from MD5 to RIPEMD-160. There are too > many rainbow tables available for MD5, which makes revealing an MD5 > password an absolute snip. RIPEMD-160 should be much tougher to crack, > or calculate all permutations. Should anyone ask, I chose RIPEMD-160 > over SHA-256 because of political concerns. > I think having 'just another' jar file for cryptography is a bad idea. The JVM provides sufficient 'open' encryption/hashing techniques, which can be used (the 'sensitive encryption techniques' used to be an optional download anyway). I'd vote for stick to the JVM's JSSE technology. Please could you elaborate on the "political concerns" ? cheers Danes -- eXist-db Native XML Database - http://exist-db.org Join us on linked-in: http://www.linkedin.com/groups?gid=35624 |