[OpenID] My 2 Cents to the OpenID foundation

SitG Admin sysadmin at shadowsinthegarden.com
Wed Apr 8 06:15:46 UTC 2009


>I think the degree of security required must be proportional to the value of
>the information you are carrying. SHA1 is fine for basic profile data. You
>need SHA256 only for things like credit card no, social security no, bank
>account no etc etc.

I beg to differ!

It is the USER who may decide the value of their own personal 
information, and there are certainly users who will view this type of 
data as being of vital importance.

-Shade


