Question out of curiousity here - I notice particularly with various authentication plugins and books like AWDWR and Ruby for Rails, SHA1 encryption is implemented. In Rails Recipes (Chad Fowler) the authentication recipe used SHA2. My basic understanding is SHA2 is stronger but curious as to why the (seemingly) majority uses SHA1. Anyone ? TIA Stuart --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
On 8/27/06, Dark Ambient <sambient-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > > Question out of curiousity here - > I notice particularly with various authentication plugins and books > like AWDWR and Ruby for Rails, SHA1 encryption is implemented. In > Rails Recipes (Chad Fowler) the authentication recipe used SHA2. My > basic understanding is SHA2 is stronger but curious as to why the > (seemingly) majority uses SHA1. > > Anyone ?And why don''t md5? TIA> Stuart > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
why use sha-256 when there is a sha-512? well - the reasons. 1) Stronger = slower (more or less) 2) but more important. you have to choose *something*. There are tons of hashes out there, most of them more secure than you''ll ever need (who is going to use billions of $$$ to crack you website?), and sha is secure enough. sha is way more secure than md5 (which a lot of big sites still are using), and even though there are some known attacks on it, none of them are serious (not even FBI/CIA/whatever would be able to "break" you sha hashed password (if you have a proper password)). So - if you should choose a hash. Would you use xxxOMG1337, or one that is secure and compatible with the rest of the world (what if you had to move to a new server without support for xxxOMG1337-hash). Stuart Fellowes wrote:> Question out of curiousity here - > I notice particularly with various authentication plugins and books > like AWDWR and Ruby for Rails, SHA1 encryption is implemented. In > Rails Recipes (Chad Fowler) the authentication recipe used SHA2. My > basic understanding is SHA2 is stronger but curious as to why the > (seemingly) majority uses SHA1. > > Anyone ? > > TIA > Stuart-- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---