Menu
▾
▴
Re: [Exist-development] LGPL 2.1 and GPL 2 and all that crap
|
From: Adam R. <ad...@ex...> - 2012-02-06 18:56:29
|
>> I chose RIPEMD-160 over SHA because SHA is a closed proprietary >> algorithm developed by the NSA > > Can one be more open than this: http://tools.ietf.org/html/rfc3174 If I understand correctly, is that not just the implementation of the algorithm? SHA-1 has been proven several times to have weaknesses and each time its proven the feasibility of the attack has significantly increased. In fact the US Government now recommends that government departments use SHA-2 or better and not SHA-1. > OpenJDK also supports SHA-2, eg the 224 variant > http://openjdk.java.net/jeps/130 Yes there is SHA-2, however its 256bit whereas RIPEMD-160 is just 160 bits. RIPEMD-160 should be faster (less computationally intensive) than SHA-2 if I understand correctly, and in addition requires less memory and storage for the digest. Like SHA-1, SHA-2 was also developed in private in a proprietary way, unlike RIPEMD-160. > -- > peter > > ------------------------------------------------------------------------------ > Try before you buy = See our experts in action! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-dev2 > _______________________________________________ > Exist-development mailing list > Exi...@li... > https://lists.sourceforge.net/lists/listinfo/exist-development -- Adam Retter eXist Developer { United Kingdom } ad...@ex... irc://irc.freenode.net/existdb |
