I have brought this up before, and it might be a bit annoying that I do 
so again, but I remain concerned by the fact that we are about to ship a 
product (Firebird 3) that uses hashing and encryption algorithms (SHA-1 
and RC4) that most in the industry consider outdated and (relatively) 
insecure.

Organizations are taking actions to deprecate and disable both (e.g. 
Oracle disabled RC4 in TLS in Java 8 Update 51, the IETF now prohibits 
the use of RC4 in TLS, https://tools.ietf.org/html/rfc7465).

They might still be strong enough for now, but I am also concerned about 
the public image impact of releasing a product with a new security 
feature that uses algorithms considered insecure by today's standards.

Mark
-- 
Mark Rotteveel

------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel
