Mercurial > pidgin.yaz
comparison libpurple/util.c @ 27486:52298a298260
Update this comment. We talked about using CRC32 on the devel list
last week and decided that we want to stick with SHA1.
* We might want to move to something more secure in the future
* It would be nice if we could give client's the ability to specify the
hash function that gets used
author | Mark Doliner <mark@kingant.net> |
---|---|
date | Tue, 07 Jul 2009 07:09:07 +0000 |
parents | 57fdb7853fc7 |
children | 065294d973b4 |
comparison
equal
deleted
inserted
replaced
27485:659345e5473b | 27486:52298a298260 |
---|---|
2965 | 2965 |
2966 return "icon"; | 2966 return "icon"; |
2967 } | 2967 } |
2968 | 2968 |
2969 /* | 2969 /* |
2970 * TODO: Consider using something faster than SHA-1, such as MD5, MD4 | 2970 * We thought about using non-cryptographic hashes like CRC32 here. |
2971 * or CRC32. Are there security implications to that? Would | 2971 * They would be faster, but we think using something more secure is |
2972 * probably be a good idea to benchmark some algorithms with | 2972 * important, so that it is more difficult for someone to maliciously |
2973 * 3KB-10KB chunks of data (typical buddy icon sizes). | 2973 * replace one buddy's icon with something else. |
2974 */ | 2974 */ |
2975 char * | 2975 char * |
2976 purple_util_get_image_checksum(gconstpointer image_data, size_t image_len) | 2976 purple_util_get_image_checksum(gconstpointer image_data, size_t image_len) |
2977 { | 2977 { |
2978 PurpleCipherContext *context; | 2978 PurpleCipherContext *context; |