Stanislav Maslovski <[EMAIL PROTECTED]> writes: > What do you say, can MD5-based OPIE system be still considered secure? > In the repository there are opie-server and opie-client.
> Do I understand right that the strength of this system is the strength of > one step of MD5? Are there any alternatives where a different hashing > function can be choosen (if that is advisable)? The weakness in MD5 is not yet of the type that is likely to compromise OPIE systems, IMO. The attacker still has to have quite a lot of control over what's being compared. Of course, changing to a better hash algorithm is still a good idea. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]