pidgin: 922d886b: Update this comment. We talked about us...
markdoliner at pidgin.im
markdoliner at pidgin.im
Tue Jul 7 03:10:22 EDT 2009
-----------------------------------------------------------------
Revision: 922d886b1f8807184579604499e4d2b4ad0fe3e5
Ancestor: e1e1720893fdd056f2d3a0c1b059c6338a57110a
Author: markdoliner at pidgin.im
Date: 2009-07-07T07:09:07
Branch: im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/922d886b1f8807184579604499e4d2b4ad0fe3e5
Modified files:
libpurple/util.c
ChangeLog:
Update this comment. We talked about using CRC32 on the devel list
last week and decided that we want to stick with SHA1.
* We might want to move to something more secure in the future
* It would be nice if we could give client's the ability to specify the
hash function that gets used
-------------- next part --------------
============================================================
--- libpurple/util.c ff376676398e1d9e6157a03e9192f5f460c86ba3
+++ libpurple/util.c b1d6a0bd8339bec1811ef67a7705e85c7f56564d
@@ -2967,10 +2967,10 @@ purple_util_get_image_extension(gconstpo
}
/*
- * TODO: Consider using something faster than SHA-1, such as MD5, MD4
- * or CRC32. Are there security implications to that? Would
- * probably be a good idea to benchmark some algorithms with
- * 3KB-10KB chunks of data (typical buddy icon sizes).
+ * We thought about using non-cryptographic hashes like CRC32 here.
+ * They would be faster, but we think using something more secure is
+ * important, so that it is more difficult for someone to maliciously
+ * replace one buddy's icon with something else.
*/
char *
purple_util_get_image_checksum(gconstpointer image_data, size_t image_len)
More information about the Commits
mailing list