isKnownWeak

Note, this only checks Phobos's RNG's and digests, and only by type. This works on a blacklist basis - it blindly accepts any Phobos-compatible RNG or digest it does not know about. This is only supplied as a convenience. It is always your own responsibility to select an appropriate algorithm for your own needs.

And yes, unfortunately, this does currently rule out all RNG's and digests currently in Phobos (as of v2.065). They are all known to be fairly weak for password-hashing purposes, even SHA1 which despite being heavily used has known security flaws.

For random number generators, you should use a CPRNG (cryptographically secure pseudorandom number generator): http://en.wikipedia.org/wiki/Cryptographically_secure_pseudo-random_number_generator

For digests, you should use one of the SHA-2 algorithms (for example, SHA512) or, better yet, an established "key stretching" algorithm ( http://en.wikipedia.org/wiki/Key_stretching#History ), intended for password hashing. These contain deliberate inefficiencies that cannot be optimized away even with massive parallelization (such as a GPU cluster). These are NOT too inefficient to use for even high-traffic authentication, but they do thwart the parallelized brute force attacks that algorithms used for streaming data encryption, such as SHA, are increasingly susceptible to. https://crackstation.net/hashing-security.htm

  1. bool isKnownWeak()
    bool
    isKnownWeak
    (
    T
    )
    (
    )
    if (
    isDigest!T ||
    isSomeRandom!T
    )
  2. bool isKnownWeak(T digest)

Meta