[Wine] WineHQ database compromise

Jeremy White jwhite at codeweavers.com
Thu Oct 13 09:20:58 CDT 2011

Hey Josh,

> I'm not a cryptographer either, but note that SHA-1 is used by Git and others for its speed.  For hashing passwords, this is a bug, not a feature -- checking passwords should be slow rather than quick.  One hash function designed for passwords is bcrypt().

Yes, absolutely.  There is a lot of thought that has gone into this.
You can spend a long time trying to decide on a better strategy, and
sha1 is no longer considered a particularly good strategy.

I will point out that the appdb is a completely volunteer effort, and I
think it needs volunteers badly.  So, patches are more than welcome
<evil grin>.



More information about the wine-users mailing list