679990dc4b
[UPDATED] Algorithm updated to reflect advice from randombit.net
cryptography list:
- Add in a salt (user name) to defeat rainbow tables.
- Add in a fixed string to scope the algorithm and avoid
colliding with someone else's similar or identical
algorithm (also helps protect against precalculated
rainbow tables).
- Use HMAC instead of plain SHA to avoid SHA weaknesses.
The old implementation wasn't vulnerable to extension
attacks or other known weaknesses, but HMAC is a safer
choice and will bring up less suspicion.
- Prefix strings by length as an extra precautionary
measure against possible bugs in hash functions.
