[TYPO3-core] RFC: #10201: Duplicate cHash Values
Francois Suter
fsu-lists at cobweb.ch
Mon Sep 7 22:01:37 CEST 2009
Hi,
> Regarding full md5 hashes for cHash, there's (currently) no way to get
> hold of the encryption key. Basis for it would be successful preimage
> attacks for md5 (although it's not classical preimage problem). Such
> attacks are not known to be succeeded for md5 (yet).
And one more note: the advantage of (the latest version of) this patch,
is that the cHash generation is fully encapsulated, so it will be easier
to change in the future if need be.
Cheers
--
Francois Suter
Cobweb Development Sarl - http://www.cobweb.ch
More information about the TYPO3-team-core
mailing list