[Wine] WineHQ database compromise
Jeremy White
jwhite at codeweavers.com
Thu Oct 13 09:20:58 CDT 2011
Hey Josh,
> I'm not a cryptographer either, but note that SHA-1 is used by Git and others for its speed. For hashing passwords, this is a bug, not a feature -- checking passwords should be slow rather than quick. One hash function designed for passwords is bcrypt().
Yes, absolutely. There is a lot of thought that has gone into this.
You can spend a long time trying to decide on a better strategy, and
sha1 is no longer considered a particularly good strategy.
I will point out that the appdb is a completely volunteer effort, and I
think it needs volunteers badly. So, patches are more than welcome
<evil grin>.
Cheers,
Jeremy
More information about the wine-users
mailing list