-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ivan Krstić wrote:
> New crypto implementations often have far more security issues than the primitives they're implementing. Despite the known attacks on SHA-1, it's perfectly fine for password hashing, and it doesn't require external libraries. Use it, be merry.
>
> Actual encryption (both design and implementation) is indeed rocket science, but implementing cryptographic hashes is not difficult at all as long as you understand the algorithm and have a good battery of unit tests to make sure your implementation is working properly.
Yes, actually *designing* a hash function is difficult. And yes, SHA-1 *probably* is still good enough. But if we're going to go to the trouble of migration (small trouble, but trouble that requires DB schema changes nonetheless, be they formal or informal), we might as well do it right. I remember one security expert saying that there is no smoke yet, but the alarm bells have gone off for SHA-1 and it's time to walk (not run) for the exits.
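The migration the reply argues for, sketched as an added example that is not code from the thread, from OLPC, or from either author. It assumes the pre-migration rows hold an unsalted hex SHA-1 of the password (the thread does not say how SHA-1 was applied), assumes PBKDF2-HMAC-SHA256 from Python's standard library as the target scheme with an iteration count chosen here as an assumption (it keeps the "no external libraries" property Ivan mentions), and uses a dict of dicts as a stand-in for the table after the schema change: a scheme tag plus scheme-specific columns. Rows are upgraded on the next successful login, while the plaintext is in hand, so the migration is the "walk, not run" kind with no flag day. Names such as `make_record`, `login` and `migration_report` are this example's own.

```python
import hashlib
import hmac
import os

# Target scheme parameters (assumptions for this example, not from the thread).
TARGET_SCHEME = "pbkdf2_sha256"
TARGET_ITERATIONS = 600_000


def legacy_sha1(password: str) -> str:
    """The assumed pre-migration scheme: unsalted hex SHA-1 of the UTF-8 password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def make_record(password: str) -> dict:
    """Build a row in the post-migration layout: a scheme tag plus its parameters."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, TARGET_ITERATIONS)
    return {"scheme": TARGET_SCHEME, "iterations": TARGET_ITERATIONS,
            "salt": salt.hex(), "hash": dk.hex()}


def verify(record: dict, password: str) -> bool:
    """Check a password against a row of either scheme, comparing in constant time."""
    if record["scheme"] == "sha1":
        return hmac.compare_digest(legacy_sha1(password), record["hash"])
    if record["scheme"] == TARGET_SCHEME:
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(record["salt"]), record["iterations"])
        return hmac.compare_digest(dk.hex(), record["hash"])
    # An unknown tag is a data problem, not a wrong password: fail loudly.
    raise ValueError(f"unknown password scheme {record['scheme']!r}")


def needs_rehash(record: dict) -> bool:
    """True for legacy rows and for target rows hashed with a weaker work factor."""
    return record["scheme"] != TARGET_SCHEME or record["iterations"] < TARGET_ITERATIONS


def login(db: dict, user: str, password: str) -> bool:
    """Authenticate and, on success, migrate the row while the plaintext is available."""
    record = db.get(user)
    if record is None:
        # Burn the same work as a real check so absent users are not cheaper to probe.
        hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), b"\0" * 16, TARGET_ITERATIONS)
        return False
    if not verify(record, password):
        return False
    if needs_rehash(record):
        db[user] = make_record(password)
    return True


def migration_report(db: dict) -> dict:
    """Count rows per scheme; the sha1 branch of verify() can go once its count is 0."""
    counts: dict = {}
    for record in db.values():
        counts[record["scheme"]] = counts.get(record["scheme"], 0) + 1
    return counts


# Constructed sample table (not real data): one legacy row, one already-migrated row.
SAMPLE_DB = {
    "alice": {"scheme": "sha1", "hash": legacy_sha1("correct horse")},
    "bob": make_record("battery staple"),
}

if __name__ == "__main__":
    print(migration_report(SAMPLE_DB))
    login(SAMPLE_DB, "alice", "correct horse")
    print(migration_report(SAMPLE_DB))
```

Rehash-on-login only reaches accounts that actually log in; the `migration_report` count tells you how many legacy rows remain, and for dormant accounts you either expire the password or wrap the stored SHA-1 digest inside the new scheme so the old branch can still be deleted. Keeping the `iterations` column per row is what lets the same code raise the work factor later without another schema change.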