Open midhunm-c opened 2 years ago
@adnanal-hrbl @faizr - tagging you guys also.
The hashes are not used for encrypting but only for getting the hash of a file, e.g. to check for integrity. So there shouldn't be any issues here unless you're using the hash to "encrypt" your file so it's not readable anymore.
Is there an update on this? I'm having this same issue.
@Brune04 yep, still the same. MD5 und SHA1 are valid for a hash sum of a file to check it's integraty. Since it is still very hard to match the MD5 of an existing file (we're talking about collision attacks here) I don't see any reason to force repalce these alorithms. Especially since they are sill very common for file integraty checks.
Hi @RonRadtke ,
Our application has gone through Whitehat security scan and reported the usage of insecure cryptography as mentioned below:
Since the application is not directly using any kind of encryption, I have gone through dependencies and found in file ReactNativeBlobUtilFS
hash method is using CC_MD5 and CC_SHA1 API's.
and their recommendation is not to use weak algorithms
Could you please have a look into this?