Menu
▾
▴
Re: [Exist-development] LGPL 2.1 and GPL 2 and all that crap
|
From: Adam R. <ad...@ex...> - 2012-02-06 18:40:53
|
On Feb 6, 2012 10:25 AM, "Dannes Wessels" <da...@ex...> wrote: > > Hi Adam, > > On Mon, Feb 6, 2012 at 11:12 AM, Adam Retter <ad...@ex...> wrote: >> >> I chose RIPEMD-160 over SHA because SHA is a closed proprietary algorithm developed by the NSA, whereas RIPEMD is an open algorithm developed under public scrutiny. Apart from the hash strength of SHA, its impossible to reason about its security characteristics. > > Thnx for the answer, but I don;t see your point. IMO SHA is the standard way of doing these things and is proven technology and is used everywhere. The choice of RIPEMD-160 looks to me as a "I don't trust the world' argument? If I understand your eesponse, I think you see my point, but rather you disagree with my opinion. That's fine. > In addition, another JAR file is added, I think we must be conservative doing this (new maintenance thingy). Why another jar if the JVM provides all we need? > The JVM does not provide RIPEMD, hence the extra library > cheers > > Dannes > > -- > eXist-db Native XML Database - http://exist-db.org > Join us on linked-in: http://www.linkedin.com/groups?gid=35624 |
