[wp-hackers] Rethinking check_admin_referer()
Elliotte Harold
elharo at metalab.unc.edu
Sat Apr 22 11:46:34 GMT 2006
Doug Stewart wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Elliotte Harold wrote:
>> SHA-1 has recently begun to show weaknesses. For now they're probably
>> not relevant for this use case, but attacks only get better with time.
>> They never get worse. SHA-256, SHA-512, or Whirlpool might be better
>> choices.
>>
>
> Agreed, but last I checked, none of those had native PHP implementations.
>
PHP is Turing complete. None of these would be all that hard to
implement. Designing new, secure hash algorithms is tough. Porting them
to a different language is a simple matter of coding and testing.
--
Elliotte Rusty Harold elharo at metalab.unc.edu
XML in a Nutshell 3rd Edition Just Published!
http://www.cafeconleche.org/books/xian3/
http://www.amazon.com/exec/obidos/ISBN=0596007647/cafeaulaitA/ref=nosim