changeset 27486:52298a298260

Update this comment. We talked about using CRC32 on the devel list last week and decided that we want to stick with SHA1. * We might want to move to something more secure in the future * It would be nice if we could give clients the ability to specify the hash function that gets used
author Mark Doliner <mark@kingant.net>
date Tue, 07 Jul 2009 07:09:07 +0000
parents 659345e5473b
children 0b20adf798f7
files libpurple/util.c
diffstat 1 files changed, 4 insertions(+), 4 deletions(-)
--- a/libpurple/util.c	Tue Jul 07 06:31:45 2009 +0000
+++ b/libpurple/util.c	Tue Jul 07 07:09:07 2009 +0000
@@ -2967,10 +2967,10 @@
 }
 
 /*
- * TODO: Consider using something faster than SHA-1, such as MD5, MD4
- *       or CRC32.  Are there security implications to that?  Would
- *       probably be a good idea to benchmark some algorithms with
- *       3KB-10KB chunks of data (typical buddy icon sizes).
+ * We thought about using non-cryptographic hashes like CRC32 here.
+ * They would be faster, but we think using something more secure is
+ * important, so that it is more difficult for someone to maliciously
+ * replace one buddy's icon with something else.
  */
 char *
 purple_util_get_image_checksum(gconstpointer image_data, size_t image_len)
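Review bot: The replacement comment above purple_util_get_image_checksum() no longer names the hash in use. The removed TODO was the only place in this hunk that said SHA-1, so a reader now sees "using something more secure" with nothing stating what that is. Suggest naming the algorithm in the comment and stating the property being relied on, namely that it should be hard to produce a different image with the same checksum, since that is the stated reason for rejecting CRC32. The two follow-ups from the commit message (moving to something more secure in the future, and letting clients specify the hash function) would also be worth keeping here as a TODO so they do not disappear along with the old one.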