Question out of curiousity here -
I notice particularly with various authentication plugins and books
like AWDWR and Ruby for Rails, SHA1 encryption is implemented. In
Rails Recipes (Chad F.) the authentication recipe used SHA2. My
basic understanding is SHA2 is stronger but curious as to why the
(seemingly) majority uses SHA1.
Question out of curiousity here -
I notice particularly with various authentication plugins and books
like AWDWR and Ruby for Rails, SHA1 encryption is implemented. In
Rails Recipes (Chad F.) the authentication recipe used SHA2. My
basic understanding is SHA2 is stronger but curious as to why the
(seemingly) majority uses SHA1.
but more important. you have to choose something. There are tons of
hashes out there, most of them more secure than you’ll ever need (who is
going to use billions of $$$ to crack you website?), and sha is secure
enough. sha is way more secure than md5 (which a lot of big sites still
are using), and even though there are some known attacks on it, none of
them are serious (not even FBI/CIA/whatever would be able to “break” you
sha hashed password (if you have a proper password)).
So - if you should choose a hash. Would you use xxxOMG1337, or one that
is secure and compatible with the rest of the world (what if you had to
move to a new server without support for xxxOMG1337-hash).
Stuart Fellowes wrote:
Question out of curiousity here -
I notice particularly with various authentication plugins and books
like AWDWR and Ruby for Rails, SHA1 encryption is implemented. In
Rails Recipes (Chad F.) the authentication recipe used SHA2. My
basic understanding is SHA2 is stronger but curious as to why the
(seemingly) majority uses SHA1.
Anyone ?
TIA
Stuart
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.