In the United States government use, you want to be on the FIPS (Federal
Information Processing Standards) list of acceptable algorithms. From an open
standard perspective you would also want to have at least one algorithm which
is unencumbered by patents.
According to http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
the FIPS hash algorithms are: SHA-1, SHA-256, SHA-384, and SHA-512
-Rob
Patrick Durusau <patr...@durusau.net> wrote on 11/28/2006 06:29:31 AM:
David,
David Faure wrote:
On Tue Nov 28 2006, Patrick Durusau wrote:
Shouldn't encryption of the password be considered as application
specific?
This would simply kill interoperability. Why don't we standardize
the hash function instead?
Sure, but we did not even specify a choice of hash functions in the
current version.
So, specifying what must/should be supported will enhance
interoperability but would be more restrictive than our prior statements
on this issue.
Does anyone know if the list of hash functions posted by Florian
(thanks!) would be considered sufficient by government agencies? Or common?
Hope everyone is having a great day!
Topic Maps: Human, not artificial, intelligence at work!
22 messages in org.oasis-open.lists.officeRe: [office] Passwords
.pgp