On Friday, December 4, 2015 at 5:33:45 PM UTC-5, Jeff wrote: > > > "My question for the original poster is whether he needs to maintain > compatibility with a legacy system, or whether he is looking for a good > system when starting from scratch." > > it will be a new system that will import existing records, which will have > already hashed user passwords. >
Unless you are forced to use SHA1, don't use it. Plan a transition from the legacy system, or legacy hash. Such as implement a better, more modern and more secure hash in the legacy system and prompt the users to change their password. When the NIST says "use a better cipher" (or hash or whatever) listen to them and don't use the old one anymore. No software written in 2019 should use things like MD5, SHA1, DES and all that similar stuff that was probably OK in 1975. Computers are faster and attacks are smarter. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
