After a busy semester, I am going through the backlog of Ur/Web issue
reports. I'm hoping to make a new Ur/Web release soon, and here is the
first in what may be a series of community queries, to decide whether
certain changes are appropriate.
It has been pointed out <https://github.com/urweb/urweb/pull/114> that
Ur/Web's Basis.crypt uses DES, a weak hashing approach by today's
standards. I can think of a few potential courses of action:
1. As in the linked PR, just add a comment essentially saying "hey,
this crypto isn't so great."
2. Switch to a different cryptosystem available in OpenSSL's libcrypto,
which is already linked with all Ur/Web apps.
3. Realize that literally no one is using this function and just delete
it from the standard library. (A less severe version is to ask a
small but nonzero-size user community to switch to using separate
libraries for this functionality.)
Any thoughts?
_______________________________________________
Ur mailing list
[email protected]
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
