-   Linux - Security (
-   -   Off-the-Record plugin, SHA-1 or SHA-2? (

madbullet 06-20-2010 05:22 AM

Off-the-Record plugin, SHA-1 or SHA-2?
Hey everyone at LQ,

Iíve being digging around the net for some clarification about the Off-The-Record plugin for Pigdin (and other IM's).
Basically i want to know if it uses the SHA-1 or SHA-2 hash function. Some might say iím wearing my tin foil hat but the SHA-1 was cracked in 2005 and as far as i know SHA 2 is much more secure.

Wikipedia states it's SHA 1 and the authors of the OTR plugin mention both SHA-1 and SHA-2 in their documentation, and i couldnít find an active pidgin forum (could only find the archived pigdin forums on sourgeforge)

Unless their's a better method to use IM securely?

Cheers guys.


scheidel21 06-21-2010 09:28 AM

What are you talking about that you want encrypted....j/k. Perhaps they have built in SHA-2 in the newest plugin version. Why not try contacting one of the authors? Even though SHA-1 has been broken all encryption is not infallible and eventually breakable so SHA-1 may be work it for you.

All times are GMT -5. The time now is 10:46 PM.