[Standards] Re: [jdev] XEP-0115: Entity Capabilities

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Tue Jul 3 22:45:53 UTC 2007

On Tuesday 03 July 2007 3:01 pm, Dave Cridland wrote:
> What about compromising on SHA-1 - possible to mount a collision
> attack in 2^63 operations, last I read, which is still technically a
> weakness, but not one I'd lose sleep over for this data. On the other
> hand, it's been examined more than SHA-256 anyway, and it's 96 bits
> shorter. (Or only 4 more octets of base64 compared to MD5).

Apologies for not understanding this thread at all and just commenting out of 
nowhere, but what security is gained by using a hash in the caps protocol?  
If there is no security gained by using a hash (e.g. everyone has access to 
the raw data such that they can all calculate the same hash) then what 
difference does it make which algorithm is used?


More information about the Standards mailing list