On 10/22/14, 9:32 AM, Daurnimator wrote:
> On 22 October 2014 09:57, Tobias Markmann <tmarkm...@googlemail.com> wrote:
>> I think using a more secure hash function would be beneficial for
>> reducing code. Secure wireless constrained applications are likely
>> to already include a high security cryptographic hash function.
>> Using this hash function would avoid the need of implementing MD5 at
>> all. Maybe, hash agility could also be useful in this case. So
>> clients, I think this is the main deployment target for a
>> constrained device, can pick the one already available. Servers
>> which are likely to have more power can then simply use the same
>> hash as the client.
>
> I would think SHA-1 a better choice than MD5 at least.
> And clients will already need it for capabilities:
> http://xmpp.org/extensions/xep-0115.html#security-mti

See also RFC 6151, which states that MD5 "is no longer acceptable where
collision resistance is required" (such as in digital signatures).
We can do better than MD5 these days.
Peter
--
Peter Saint-Andre
https://andyet.com/