"Tels" <nospam-abuse(a)bloodgate.com> wrote in
message news:200701231852.29592@bloodgate.com...
What function you actually use for H(), may it be MD5 or SHA1, is
practically irrelevant here, tho, but when you migrate to such a scheme,
you might as well use SHA256 instead of MD5 (even if it is just to quiten
all the "MD5 is insecure" cryers :)
In security, doing things because "you might as well" is an incredibly bad
idea! A security system should only be changed to be a _better_ security
system (and even then after it has been proven to be better). _Never_
because it's 'probably not worse'!
- Mark Clements (HappyDog)