Replacement for SHA1 (SHA256 or SHA512)

Cees De Groot cdegroot at gmail.com
Mon Oct 10 08:00:13 UTC 2005


On 10/10/05, Ron Teitelbaum <Ron at usmedrec.com> wrote:
> I noticed the implementation of SHA1, but considering that it has been
> broken [...]

I don't know the details of this - haven't been following crypto stuff
too much lately - but if you're worried about SHA1, you can always use
SHA1+MD5 (just use both algos and concatenate them); it's extremely
unlikely that there are cases for which both algorithms are
broken/collide...

(update - I read Schneier's post -
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html. I
think it is all too theoretical right now. For digital signatures,
even if you can find a collision - which requires a huge number of
operations - it is extremely unlikely that the collision represents a
valid document. And, as Schneier remarks, if you use an HMAC-style
algorithm, the results aren't relevant at all. As usual, the protocol
is as important as the underlying algorithms...)
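
The two constructions mentioned in this message, as an added example in Python (not part of the original post and not Squeak code): the concatenated SHA1+MD5 digest, and HMAC built by hand over SHA-1 following RFC 2104 and cross-checked against the standard library. The function names, key and messages are constructed for illustration.

```python
import hashlib
import hmac

SHA1_BLOCK = 64  # SHA-1 processes input in 64-byte blocks


def sha1_md5_concat(data: bytes) -> bytes:
    """Both digests of the same input, concatenated: 20 + 16 = 36 bytes."""
    return hashlib.sha1(data).digest() + hashlib.md5(data).digest()


def hmac_sha1_manual(key: bytes, msg: bytes) -> bytes:
    """HMAC per RFC 2104: H((K ^ opad) || H((K ^ ipad) || msg))."""
    if len(key) > SHA1_BLOCK:
        key = hashlib.sha1(key).digest()   # over-long keys are hashed first
    key = key.ljust(SHA1_BLOCK, b"\x00")   # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + msg).digest()
    return hashlib.sha1(opad + inner).digest()


def verify_tag(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_sha1_manual(key, msg), tag)


if __name__ == "__main__":
    # Constructed sample input.
    key = b"constructed-demo-key"
    msg = b"constructed sample message"

    print("SHA1+MD5 :", sha1_md5_concat(msg).hex())

    tag = hmac_sha1_manual(key, msg)
    print("HMAC-SHA1:", tag.hex())

    # The hand-built construction matches the standard library.
    assert tag == hmac.new(key, msg, hashlib.sha1).digest()

    # Without the key, a modified message does not verify under the old tag.
    print("original verifies:", verify_tag(key, msg, tag))
    print("tampered verifies:", verify_tag(key, msg + b"!", tag))
```
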


