[OpenID] My 2 Cents to the OpenID foundation
sysadmin at shadowsinthegarden.com
Wed Apr 8 06:15:46 UTC 2009
>I think the degree of security required must be proportional to the value of
>the information you are carrying. SHA1 is fine for basic profile data. You
>need SHA256 only for things like credit card no, social security no, bank
>account no etc etc.
I beg to differ!
It is the USER who may decide the value of their own personal
information, and there are certainly users who will view this type of
data as being of vital importance.
More information about the general