ForumsDevelopersStronger token encryption?


Stronger token encryption?
Author Message
will.sargent

Posted: Mar 19, 2012
Score: 1 Reference
Hi there,

I noticed that version 2.0 is using MD5 with the app token for authentication. It's actually very easy for today's hardware to break MD5 -- either by reverse engineering it, or by creating a key that looks like it. Just google for "MD5 security risk" to see the results.

Using HMAC-SHA512 or another SHA-2 based algorithm would provide much better security -- any chance of an upgrade?
Jake

Toodledo Founder
Posted: Mar 19, 2012
Score: 0 Reference
Yes, we are planning to upgrade to Sha-2 for version 3.0 of the api, which we are working on.
You cannot reply yet

U Back to topic home

R Post a reply

To participate in these forums, you must be signed in.