MD5 and SHA1 now have to be considered flawed

Coordinator
Jan 8, 2009 at 10:22 AM
Edited Feb 17, 2009 at 4:28 PM
For details please see
http://isc.sans.org/diary.html?storyid=5590&rss
http://gcn.com/Articles/2008/12/31/SSL-certs-busted.aspx?p=1
http://www.securityfocus.com/news/11541
http://www.heise-online.co.uk/security/25C3-MD5-collisions-crack-CA-certificate--/news/112327
http://www.securityfocus.com/brief/880

Version 0.2N of Common Data uses a SHA256 implementation with inbuilt SALT and IV rather
rely on the user to supply them. Incorporation of HMAC has been considered, however as
the functions are targeted at data to be stored in a database, it is not being introduced
as this stage. The expert help of a fellow member of the ASP.NET forum is gratefully acknowledged.