Open TheLimeGlass opened 1 year ago
I would say warn the player for using it but not removing it as some people may have some use for it as they like and adding a new algorithm is good idea.
This absolutely should not be removed; most usage is for cheap comparing of file changes and large strings, where the security isn't really a concern. Minecraft itself uses MD5 hash a lot, so users may need it for that (e.g. sending resource packs)
This absolutely should not be removed; most usage is for cheap comparing of file changes and large strings, where the security isn't really a concern. Minecraft itself uses MD5 hash a lot, so users may need it for that (e.g. sending resource packs)
totally agree. a warning would be good (ideally configurable using EffSuppressWarnings
), but there are many reasons to use md5s besides passwords.
Suggestion
MD5 hashing algorithm in ExprHash is marked as deprecated and provides a warning in the description.
We need to either deprecate it at parsing level or outright remove MD5 capabilities in 2.8.
Potentially replace with another strong algorithm?
Why?
MD5 has been cracked, and is not secure anymore.
Other
Looking for opinions.
Agreement