<div dir="ltr">I'm introducing support for HMAC-SHA384, HMAC-SHA512, DH-SHA384 and DH-SHA512 to DotNetOpenId, consistent with the naming scheme defined in OpenID 2.0. I think somewhere in the spec it suggests that independent implementations can create new ones of these, so I think this is in conformance with that spirit. Anyway it still supports backward compatibility to the lesser hashes, and in fact the RP may end up defaulting to asking for 256 bit hashes for now anyway since that is still considered a secure hash and it's more likely to succeed at associating with an OP than 384 or 512 is at the moment. :)<br>
<br>Speaking of secure hashes, SHA1 isn't one. It's been broken. Why is <a href="http://yahoo.com">yahoo.com</a> still only supporting SHA1? <br></div>