kaplanlior
commented
3 years ago react-native-sha1 was dropped at 4ff7b4815801abac19a8f5c71cf91a317d1e12b9
Closed emanuelb closed 3 years ago
kaplanlior
commented
3 years ago react-native-sha1 was dropped at 4ff7b4815801abac19a8f5c71cf91a317d1e12b9
sha1 function from package
react-native-sha1is used to hash BSSID in file:./src/services/WifiService.tshttps://github.com/MohGovIL/hamagen-react-native/blob/0afc8cabc4ea82c8e3ef469f19f989c8c93de24e/src/services/WifiService.ts#L4 https://github.com/MohGovIL/hamagen-react-native/blob/0afc8cabc4ea82c8e3ef469f19f989c8c93de24e/src/services/WifiService.ts#L17 https://github.com/MohGovIL/hamagen-react-native/blob/0afc8cabc4ea82c8e3ef469f19f989c8c93de24e/src/services/WifiService.ts#L28 which make additional dependency required: https://github.com/MohGovIL/hamagen-react-native/blob/40d0de490d47d53d2a005a57270b98a4176745f5/package.json#L60sha1 function is problematic in general because it's unsafe, collisions easy to generate: https://shattered.io/ https://sha-mbles.github.io/ (in this case collisions are not likely anyway, but still it's adding additional dependency which can be avoided, see below)
also there is already usage of sha256 functions: both package
sha256https://github.com/MohGovIL/hamagen-react-native/blob/40d0de490d47d53d2a005a57270b98a4176745f5/package.json#L72 and/src/services/sha256.jsfile at: https://github.com/MohGovIL/hamagen-react-native/blob/c59aa1669deb2c20fbe229f65f6d812aa096df43/src/services/sha256.js which have related open issues: #151 #152 to use only 1 package instead.fix: change all usages (sha1 & sha256) to sha256 from only 1 package (for performance & security it's better to use native implementation instead of js implementation)