> On Feb 2, 2016, at 1:52 PM, Tim Graham <timogra...@gmail.com> wrote:
> 
> Just to be clear, my proposal here is only about removing 
> UnsaltedSHA1PasswordHasher and UnsaltedMD5PasswordHasher. The salted versions 
> of these hashers remain.



It seems silly to remove the unsalted options and leave the salted options; 
they are basically equally [1] as secure, since computational power is such 
that it’s not really worth it to use rainbow tables anymore anyways.

[1] Ok, Ok, technically salted are a wee bit more secure, but given that you 
can compute the MD5 of every single possible lowercase alphanumeric of 6 
characters or less in under a minute on a single regular desktop/server... I 
don’t believe the distinction is useful.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
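
The cost argument in the message above can be measured directly. This is an added example, not part of the original message or of Django's code: it compares per-guess cost for unsalted MD5, MD5 with a stored salt, and an iterated KDF. The function names, the salt and the iteration count are constructed for illustration.

```python
import hashlib
import time

ALPHABET_SIZE = 36   # lowercase letters + digits, as in the message
MAX_LEN = 6          # "6 characters or less"

def keyspace(alphabet_size=ALPHABET_SIZE, max_len=MAX_LEN):
    """Number of candidate passwords of length 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))

def unsalted_md5(password):
    return hashlib.md5(password.encode()).hexdigest()

def salted_md5(password, salt):
    # The salt is stored beside the hash, so it adds no work per guess;
    # it only prevents reuse of precomputed tables across accounts.
    return hashlib.md5((salt + password).encode()).hexdigest()

def pbkdf2_sha256(password, salt, iterations=20000):
    # iterations is a constructed value, not a recommendation
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return raw.hex()

def guesses_per_second(hash_fn, samples):
    """Time `samples` hash computations over constructed candidate strings."""
    start = time.perf_counter()
    for i in range(samples):
        hash_fn("pw%06d" % i)
    return samples / (time.perf_counter() - start)

def estimate(salt="constructedsalt"):
    """Return {scheme: (guesses/s, seconds to hash the whole keyspace)}."""
    rates = {
        "unsalted md5": guesses_per_second(unsalted_md5, 20000),
        "salted md5": guesses_per_second(lambda p: salted_md5(p, salt), 20000),
        "pbkdf2-sha256": guesses_per_second(lambda p: pbkdf2_sha256(p, salt), 20),
    }
    total = keyspace()
    return {name: (rate, total / rate) for name, rate in rates.items()}

if __name__ == "__main__":
    print("candidates:", keyspace())
    for name, (rate, seconds) in estimate().items():
        print("%-14s %12.0f guesses/s  %14.0f s for full keyspace" % (name, rate, seconds))
```

Single-threaded Python is far slower than optimized native or GPU hashing, so only the ratios between the three rows carry over, not the absolute times.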
