[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-dev] [Bug 52] Proposal to use a hash more secure

To: ossec-dev@xxxxxxxxx
Subject: [ossec-dev] [Bug 52] Proposal to use a hash more secure
From: ossec-bugzilla@xxxxxxxxxxxxxxxxxxxxxxxxxxx
Date: Wed, 15 Aug 2007 19:25:05 -0300
Authentication-results: mx.google.com; spf=pass (google.com: domain of ossec-bugzilla@xxxxxxxxxxxxxxxxxxxxxxxxxxx designates 75.126.22.154 as permitted sender) smtp.mail=ossec-bugzilla@xxxxxxxxxxxxxxxxxxxxxxxxxxx

http://www.ossec.net/bugs/show_bug.cgi?id=52





------- Comment #3 from dlowe@xxxxxxxxx  2007-08-15 19:25 -------
(In reply to comment #2)
> Well, and would not it be better to use one only algorithm --but secure-- which
> will have a better performance that using two weak algorithms simultaneously?
> 

Weak? sha1 is not considered weak. And today, md5 is not considered weak
either.
Is it not better to use 2 different algorithms, rather than rely on the one
(Tiger)? 

I think we are getting ahead of ourselves as md5 is still secure today. And we
are creating "defense in depth" by using another algorithm as well. 

It is not as if we have performance issues by using 2 hashing algorithms.

My 2 cents


-- 
Configure bugmail: http://www.ossec.net/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

References:
- [ossec-dev] [Bug 52] New: Proposal to use a hash more secure
  - From: ossec-bugzilla

Prev by Date: [ossec-dev] [Bug 52] Proposal to use a hash more secure
Next by Date: [ossec-dev] Re: use stack protector on never gcc versions that support it
Previous by thread: [ossec-dev] [Bug 52] Proposal to use a hash more secure
Next by thread: [ossec-dev] [Bug 52] Proposal to use a hash more secure
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.