[drupal-devel] Contract Module

[Nathan Wheatley]

On 08/06/2005, at 8:53 AM, Kieran Lal wrote:

>
> On Jun 7, 2005, at 3:25 PM, NSK wrote:
>
>
>> On Tuesday 07 June 2005 08:40, Nathan Wheatley wrote:
>>
>>
>>> MD5, or SHA-1 [...] (MD5 [...] used by Drupal)
>>>
>>>
>>
>> Isn't SHA-1 more secure than MD5? MD5 is 128bit but SHA-1 is 160bit.
>>
>> I think both are crackable today, but MD5 is more well-known and  
>> therefore an
>> easier target for cracking. I recently had to choose between MD5  
>> and SHA1 for
>> an application, and I chose SHA-1.
>>
>
> It's time dependent.  Just because something CAN be cracked doesn't  
> mean it will for the application.   So if you want a password for a  
> bank you use something that's harder.  If you are hashing for  
> instant messages that will read inside of 5 seconds then MD5 isn't  
> going to be broken in that timeframe.
>
> I've yet to hear of MD5 being casually exploited for simple end  
> user applications.
>
> Cheers,
> Kieran
>
>
>
>>
>> -- 
>> NSK
>> http://portal.wikinerds.org
>>
>>
>>
>
>
>
>

I think any one is fine. Everything can be broken if time permits. I  
would just like a more secure form of agreement between myself and  
the client, other than an email saying 'go ahead'. That could be  
anyone sending that email. And, I understand that anyone could obtain  
the clients Drupal username/ password pair, then use their password  
(even a new one) as the private key to digitally sign the document,  
but the chances of someone else doing this are dramatically reduced  
(IMO).

Also, if that process is used to SIGN the document, it has much more  
legal standing than the perviously mentioned email.

Kieran, I would love to hear more of what you have to say about this.  
Drop me a line at [nathan at skoap.com]. Or, just continue in the list.  
That is what it is used for. Either way, I don't mind.

Anyone interested in working on this? That is my next question. I  
want this puppy on the production line ASAP.