[Typo3-dev] change hash algorithm
Martin Kutschker
martin.kutschker-n0spam at no5pam-blackbox.net
Tue Nov 15 23:23:44 CET 2005
Christoph Koehler schrieb:
> Hey,
>
> I just read this on slashdot.
>
> http://it.slashdot.org/article.pl?sid=05/11/15/2037232&from=rss
>
> While this doesn't mean you can get a collision from a hash yet, it
> might not be long until you can. Are there any plans to switch to SHA-1
> or another more secure hash algorithm in the near future?
For simple thing TYPO3 even uses shortened md5 strings. Anyway, there is
no need to move away from md5 unless it's a security issue.
Where are those places? BE passwords, sessions, some urls. We could move
on to SHA-1 for those occasions, but I really think that it's much
easier to break into the system by other means than factoring a
md5-based web security thingy.
Masi
More information about the TYPO3-dev
mailing list