[Standards] Re: [jdev] XEP-0115: Entity Capabilities

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Tue Jul 3 22:45:53 UTC 2007


On Tuesday 03 July 2007 3:01 pm, Dave Cridland wrote:
> What about compromising on SHA-1 - possible to mount a collision
> attack in 2^63 operations, last I read, which is still technically a
> weakness, but not one I'd lose sleep over for this data. On the other
> hand, it's been examined more than SHA-256 anyway, and it's 96 bits
> shorter. (Or only 4 more octets of base64 compared to MD5).

Apologies for not understanding this thread at all and just commenting out of 
nowhere, but what security is gained by using a hash in the caps protocol?  
If there is no security gained by using a hash (e.g. everyone has access to 
the raw data such that they can all calculate the same hash) then what 
difference does it make which algorithm is used?

-Justin



More information about the Standards mailing list