[wp-hackers] Rethinking check_admin_referer()

Elliotte Harold elharo at metalab.unc.edu
Fri Apr 21 22:17:30 GMT 2006


> On 4/21/06, Doug Stewart <dstewart at atl.lmco.com> wrote:
>> It's quick and Relatively Good Enough for operations (like in this case)
>> whose timeframe for expiration is far shorter than the time it would
>> take to crack the hash itself.  Although, the Wikipedia article Robert
>> linked to does point out a lot of the shortcomings with MD5.  Why don't
>> we use sha1() instead?
> 

SHA-1 has recently begun to show weaknesses. For now they're probably 
not relevant for this use case, but attacks only get better with time. 
They never get worse. SHA-256, SHA-512, or Whirlpool might be better 
choices.

-- 
Elliotte Rusty Harold  elharo at metalab.unc.edu
XML in a Nutshell 3rd Edition Just Published!
http://www.cafeconleche.org/books/xian3/
http://www.amazon.com/exec/obidos/ISBN=0596007647/cafeaulaitA/ref=nosim

