[Standards] Re: [jdev] XEP-0115: Entity Capabilities

Peter Saint-Andre stpeter at jabber.org
Thu Jul 5 03:03:22 UTC 2007


Joe Hildebrand wrote:
> 
> On Jul 4, 2007, at 5:35 AM, Ian Paterson wrote:
> 
>> 'ext' and pre-defined sets only improve security if the choice of a
>> "weak" hash makes pre-image attacks "possible". So why don't we make
>> things easier for everyone and simply recommend a stronger hash instead?
> 
> So, to pull those bits together, I'm recommending:
> 
> base64(sha1(dave-formatted id/features))

Seems reasonable to me.

> which would give ver's that look like:
> 
> C+7Hteo/D9vJXQ3UfzxbwnXaijM=
> 
> Which is small enough for me.

Me too.

I'll write that up provisionally in XEP-0115 v1.4pre1 so we can see how
it looks...

/psa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070704/0337330c/attachment.bin>


More information about the Standards mailing list