[wp-hackers] Rethinking check_admin_referer()
Elliotte Harold
elharo at metalab.unc.edu
Fri Apr 21 22:17:30 GMT 2006
> On 4/21/06, Doug Stewart <dstewart at atl.lmco.com> wrote:
>> It's quick and Relatively Good Enough for operations (like in this case)
>> whose timeframe for expiration is far shorter than the time it would
>> take to crack the hash itself. Although, the Wikipedia article Robert
>> linked to does point out a lot of the shortcomings with MD5. Why don't
>> we use sha1() instead?
>
SHA-1 has recently begun to show weaknesses. For now they're probably
not relevant for this use case, but attacks only get better with time.
They never get worse. SHA-256, SHA-512, or Whirlpool might be better
choices.
--
Elliotte Rusty Harold elharo at metalab.unc.edu
XML in a Nutshell 3rd Edition Just Published!
http://www.cafeconleche.org/books/xian3/
http://www.amazon.com/exec/obidos/ISBN=0596007647/cafeaulaitA/ref=nosim