PurpleI2P / i2pd

🛡 I2P: End-to-End encrypted and anonymous Internet
https://i2pd.website
BSD 3-Clause "New" or "Revised" License
3.26k stars 423 forks source link

Use of Password Hash With Insufficient Computational Effort #2120

Open s-b-repo opened 19 hours ago

s-b-repo commented 19 hours ago

X509_sign (x509, pkey, EVP_sha1 ()); // sign, last param must be NULL for EdDSA

line #420 I2PControl.cpp

EVP_sha1 hash (used in EVP_sha1) is insecure. Consider changing it to a secure hashing algorithm.