[Standards] Re: [jdev] XEP-0115: Entity Capabilities
justin-keyword-jabber.093179 at affinix.com
Tue Jul 3 22:45:53 UTC 2007
On Tuesday 03 July 2007 3:01 pm, Dave Cridland wrote:
> What about compromising on SHA-1 - possible to mount a collision
> attack in 2^63 operations, last I read, which is still technically a
> weakness, but not one I'd lose sleep over for this data. On the other
> hand, it's been examined more than SHA-256 anyway, and it's 96 bits
> shorter. (Or only 4 more octets of base64 compared to MD5).
Apologies for not understanding this thread at all and just commenting out of
nowhere, but what security is gained by using a hash in the caps protocol?
If there is no security gained by using a hash (e.g. everyone has access to
the raw data such that they can all calculate the same hash) then what
difference does it make which algorithm is used?
More information about the Standards