[Standards] XEP-0115 redux
Alexander Gnauck
gnauck at ag-software.de
Thu Jan 10 03:22:46 CST 2008
Joe Hildebrand schrieb:
>> 3b. If we specify an MTI algorithm, do we specify MD5 or SHA-1 or
>> something else?
>
> Frankly, I don't care. MD5 is smaller, and probably more secure, but
> has marketing issues, particularly with a vocal minority on this list.
> We all have SHA-1 implementations for other things.
Maybe I misunderstood the new hash logic. Does it matter at all which
hashing we use? I thought we use the resulting hash only for the disco
cache and don't verify anything.
Most client and library implementations have both hashing algorithms
already implemented for SASL.
> Flip a coin, for all I care.
My coin has SHA-1 on both sides :). I prefer it because its used at many
other places as well. But I'm also fine with MD-5. As i said before, I
don't see the reason why the hash algorithm matters.
Alex
More information about the Standards
mailing list