sky_123
Advanced Member level 4
I understand that, but consider that when you use HTTPS, that today still uses SHA-1. The hash is just one part of public/private key encryption however. In your case, you're implementing just the hash and random number procedure (i.e. HTTP Digest). You could use the best hash method possible but still have weak security if you have poor random number algorithm, or if the device on the other end is easily cracked. Still, you'll be the best authority on it, if you study authentication procedures. If you really want the absolute in security, you wouldn't be considering this method - you'd be looking at certificate based methods. However, you've reached the extent of my knowledge - I'm no expert, and only offering my opinion. Good luck!