On Mon, Oct 24, 2005 at 11:33:50 +0200,
Martijn van Oosterhout <kleptog@xxxxxxxxx> wrote:
>
> By all means, submit a patch but there's no real hurry right now. We
> should probably move straight to something more secure anyway, maybe
> SHA-256 or something.
This makes more sense. There is little point in going to the effort to
changing to SHA-1 only to change again later.
There isn't any hurry to change now, so it might be better to wait until
the next group of hash functions is designed, built on lessons learned from
the attacks against MD5 and SHA-1.
It might be a good step to go through and figure out what needs to be changed, then implement a plugin type system to reduce the need for changes when the next generation of hashes gets "broken". It might even allow for authentication to external sources, like LDAP or some other plugin.
