Case in point: Instapaper had a server confiscated by the FBI by mistake (probably) and posted about it in public. The community pointed out to Marco that SHA-1 hashes of passwords are no longer considered adequate, since a fast general-purpose hash can be brute-forced offline once the hashes leak; a deliberately slow password hash such as bcrypt or scrypt is the best practice today.
So ... I'm having trouble really envisioning how exactly this would work, but ... the design of a given software system has dozens of answers to specific questions of this nature, where an algorithm or a library is selected to meet a need. As time goes on, it should be possible to know when there is an incipient risk, and ideally the programming system should just reprogram the application to use the updated solution.
How do you get there from here? I dunno.