[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Should we settle on one SSL implementation?



On Wed, Oct 24, 2007 at 12:14:04PM -0400, Bernardo Innocenti wrote:
> Please, let's not add an external dependency for something
> as trivial as a SHA1.

The positives to adding an external dependancy are you only have
to worry about bugs in one implementation.

I also note:

> >We need a strong hash function as this replaces the previous weak hash +
> >memcmp when checking incoming glyphs for matches with the existing set
> >of server-resident glyphs. One could argue that this must be
> >cryptographically secure to avoid applications uploading misleading
> >glyph images.

Which presumably means they'll not be using SHA1 much longer - right ?


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]