Open GoogleCodeExporter opened 9 years ago
Thanks for pointing out these issues.
The choice for MD5 over SHA was mainly motivated by speed vs security tradeoff -
especially on the original Android devices (MD5 is twice as fast, which is
noticable
if the list contains many passwords). With the faster generation of Android
devices,
we should probably offer an option for the slower but more secure SHA
algorithms.
If you have the possibility to contribute a patch regarding your first or second
issue, we would highly appreciate that.
Original comment by peli0...@googlemail.com
on 5 May 2010 at 8:21
Well its an old issue, but as it still is open, it think its still something we
can comment on.
Maybe not just use MD5 and/or SHA but use something like jBCrypt, it is a Java
Implementation of Blowfish and it is free to use
(http://mindrot.org/files/jBCrypt/LICENSE)
While researching for "how to store user passwords in a secure way" for some
web-services i'm working on, i found that this should be the safest way. :)
http://mindrot.org/projects/jBCrypt/
Original comment by kujans...@gmail.com
on 20 Apr 2012 at 7:02
Original issue reported on code.google.com by
zink.joc...@googlemail.com
on 5 May 2010 at 7:42