[wp-hackers] Rethinking check_admin_referer()

Elliotte Harold elharo at metalab.unc.edu
Sat Apr 22 11:46:34 GMT 2006

Doug Stewart wrote:
> Hash: SHA1
> Elliotte Harold wrote:
>> SHA-1 has recently begun to show weaknesses. For now they're probably
>> not relevant for this use case, but attacks only get better with time.
>> They never get worse. SHA-256, SHA-512, or Whirlpool might be better
>> choices.
> Agreed, but last I checked, none of those had native PHP implementations.

PHP is Turing complete. None of these would be all that hard to 
implement. Designing new, secure hash algorithms is tough. Porting them 
to a different language is a simple matter of coding and testing.

Elliotte Rusty Harold  elharo at metalab.unc.edu
XML in a Nutshell 3rd Edition Just Published!

More information about the wp-hackers mailing list