"Tels" nospam-abuse@bloodgate.com wrote in message news:200701231852.29592@bloodgate.com...
What function you actually use for H(), may it be MD5 or SHA1, is practically irrelevant here, tho, but when you migrate to such a scheme, you might as well use SHA256 instead of MD5 (even if it is just to quieten all the "MD5 is insecure" criers :)
In security, doing things because "you might as well" is an incredibly bad idea! A security system should only be changed to be a _better_ security system (and even then after it has been proven to be better). _Never_ because it's 'probably not worse'!
- Mark Clements (HappyDog)