Menu
▾
▴
Re: [Exist-development] [HEADS-UP] Merge in of Security Branch
|
From: Patrick B. <pat...@jo...> - 2012-02-06 20:22:53
|
This is excellent news! On Mon, Feb 6, 2012 at 2:26 AM, Dannes Wessels <da...@ex...> wrote: > Hi, > > Thank you for your hard word of the last weeks......... > > On Sun, Feb 5, 2012 at 11:53 PM, Adam Retter <ad...@ex...> wrote: >> >> 5) Password hashing has changed from MD5 to RIPEMD-160. There are too >> many rainbow tables available for MD5, which makes revealing an MD5 >> password an absolute snip. RIPEMD-160 should be much tougher to crack, >> or calculate all permutations. Should anyone ask, I chose RIPEMD-160 >> over SHA-256 because of political concerns. > > > I think having 'just another' jar file for cryptography is a bad idea. The > JVM provides sufficient 'open' encryption/hashing techniques, which can be > used (the 'sensitive encryption techniques' used to be an optional download > anyway). > > I'd vote for stick to the JVM's JSSE technology. Please could you elaborate > on the "political concerns" ? > > cheers > > Danes > > > -- > eXist-db Native XML Database - http://exist-db.org > Join us on linked-in: http://www.linkedin.com/groups?gid=35624 > > ------------------------------------------------------------------------------ > Try before you buy = See our experts in action! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-dev2 > _______________________________________________ > Exist-development mailing list > Exi...@li... > https://lists.sourceforge.net/lists/listinfo/exist-development > -- Patrick Bosek Jorsek Software Cell (585) 820 9634 Office (877) 492 2960 Jorsek.com |
