- From: Wan-Teh Chang <wtc@google.com>
- Date: Wed, 9 May 2012 15:03:05 -0700
- To: Nadim <nadim@nadim.cc>
- Cc: Jarred Nicholls <jarred@webkit.org>, public-webcrypto@w3.org
On Wed, May 9, 2012 at 2:55 PM, Nadim <nadim@nadim.cc> wrote: > Here's an interesting question, then: > Let's assume, for the sake of argument, that SHA2 is widely recognized as > being a better alternative to SHA1. However, SHA1 is not only far from > broken, but is also as widely used as SHA2, if not more. > > What happens in such a scenario? Do we implement only SHA2 (knowing it to be > more secure) or do we still include SHA1, even if it's the less secure > alternative? I think the Web Cryptography API (at least the low-level interface) should allow SHA-1 and SHA-2. Wan-Teh
Received on Thursday, 10 May 2012 15:48:22 UTC