Mercurial > pidgin
changeset 27404:52298a298260
Update this comment. We talked about using CRC32 on the devel list
last week and decided that we want to stick with SHA1.
* We might want to move to something more secure in the future
* It would be nice if we could give client's the ability to specify the
hash function that gets used
| author | Mark Doliner <mark@kingant.net> |
|---|---|
| date | Tue, 07 Jul 2009 07:09:07 +0000 |
| parents | 659345e5473b |
| children | 0b20adf798f7 |
| files | libpurple/util.c |
| diffstat | 1 files changed, 4 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/libpurple/util.c Tue Jul 07 06:31:45 2009 +0000 +++ b/libpurple/util.c Tue Jul 07 07:09:07 2009 +0000 @@ -2967,10 +2967,10 @@ } /* - * TODO: Consider using something faster than SHA-1, such as MD5, MD4 - * or CRC32. Are there security implications to that? Would - * probably be a good idea to benchmark some algorithms with - * 3KB-10KB chunks of data (typical buddy icon sizes). + * We thought about using non-cryptographic hashes like CRC32 here. + * They would be faster, but we think using something more secure is + * important, so that it is more difficult for someone to maliciously + * replace one buddy's icon with something else. */ char * purple_util_get_image_checksum(gconstpointer image_data, size_t image_len)