On Oct 22, 11:32 am, "Aaron Swartz" <[EMAIL PROTECTED]> wrote: > Wikipedia says that Digest isn't yet broken but that researchers are > getting closer to using the collisions to break Digest.
The MD5 reliance is a knock against digest authetication. But it is still better than nothing. Researchers might be close to breaking digest authentication, but session cookie authentication was broken the minute it was invented. SSL is best, if you can afford it, but for the rest of us digest authentication is an imperfect best choice. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web.py" group. To post to this group, send email to webpy@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/webpy?hl=en -~----------~----~----~----~------~----~------~--~---
