ForumsDevelopersStronger token encryption?

Forums
Watchlist
Search
Profile
Rules

Stronger token encryption?

Author	Message
will.sargent	Posted: Mar 19, 2012 Score: 1 Reference will.sargent Posted: Mar 19, 2012 Score: 1 Reference Hi there, I noticed that version 2.0 is using MD5 with the app token for authentication. It's actually very easy for today's hardware to break MD5 -- either by reverse engineering it, or by creating a key that looks like it. Just google for "MD5 security risk" to see the results. Using HMAC-SHA512 or another SHA-2 based algorithm would provide much better security -- any chance of an upgrade?
Jake Toodledo Founder	Posted: Mar 19, 2012 Score: 0 Reference Jake (Founder) Posted: Mar 19, 2012 Score: 0 Reference Yes, we are planning to upgrade to Sha-2 for version 3.0 of the api, which we are working on.

Author

Message

Posted: Mar 19, 2012

Score: 1 Reference

will.sargent
Posted: Mar 19, 2012
Score: 1
Reference

Hi there,

I noticed that version 2.0 is using MD5 with the app token for authentication. It's actually very easy for today's hardware to break MD5 -- either by reverse engineering it, or by creating a key that looks like it. Just google for "MD5 security risk" to see the results.

Using HMAC-SHA512 or another SHA-2 based algorithm would provide much better security -- any chance of an upgrade?

Jake

Toodledo Founder

Posted: Mar 19, 2012

Score: 0 Reference

Jake (Founder)
Posted: Mar 19, 2012
Score: 0
Reference

Yes, we are planning to upgrade to Sha-2 for version 3.0 of the api, which we are working on.

You cannot reply yet

U Back to topic home

R Post a reply

To participate in these forums, you must be signed in.