Legend

Forum

Unread topics or posts

Topic

Unread posts

Locked

Announcement

Forums > Developers

Stronger token encryption?



AuthorMessage
will.sargent

Posted: Mar 19, 2012
Score: 1



Hi there,

I noticed that version 2.0 is using MD5 with the app token for authentication. It's actually very easy for today's hardware to break MD5 -- either by reverse engineering it, or by creating a key that looks like it. Just google for "MD5 security risk" to see the results.

Using HMAC-SHA512 or another SHA-2 based algorithm would provide much better security -- any chance of an upgrade?
Jake

Toodledo Admin
Posted: Mar 19, 2012
Score: 0



Yes, we are planning to upgrade to Sha-2 for version 3.0 of the api, which we are working on.
You cannot reply yet


To participate in these forums, you must be signed in.



Toodledo Forums > Developers

Contact Us | Blog | API | Jobs | Press | Documentation | Forums Privacy | Terms | Copyright © 2004-2014