> MD5's potential for collisions doesn't significantly compromise its > use in this application though, does it? Even SSL uses MD5, and if > it's good enough for SSL...
Wikipedia says that the new version of SSL uses SHA and MD5 and that browsers refuse to use the MD5-only version. Wikipedia says that Digest isn't yet broken but that researchers are getting closer to using the collisions to break Digest. > Digest authentication does not require you to store passwords in > plaintext. You only need to store the hash of > "username:realm:password". Hmm, that's better than I thought. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web.py" group. To post to this group, send email to webpy@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/webpy?hl=en -~----------~----~----~----~------~----~------~--~---
