search

SkriptLang / Skript

Skript is a Spigot plugin which allows server admins to customize their server easily, but without the hassle of programming a plugin or asking/paying someone to program a plugin for them.
https://docs.skriptlang.org
GNU General Public License v3.0
1.03k stars 362 forks source link

Address MD5 hashing algorithm #5836

Open TheLimeGlass opened 1 year ago

TheLimeGlass commented 1 year ago

Suggestion

MD5 hashing algorithm in ExprHash is marked as deprecated and provides a warning in the description.

We need to either deprecate it at parsing level or outright remove MD5 capabilities in 2.8.

Potentially replace with another strong algorithm?

Why?

MD5 has been cracked, and is not secure anymore.

Other

Looking for opinions.

Agreement

AyhamAl-Ali commented 1 year ago

I would say warn the player for using it but not removing it as some people may have some use for it as they like and adding a new algorithm is good idea.

Moderocky commented 1 year ago

This absolutely should not be removed; most usage is for cheap comparing of file changes and large strings, where the security isn't really a concern. Minecraft itself uses MD5 hash a lot, so users may need it for that (e.g. sending resource packs)

Pikachu920 commented 1 year ago

This absolutely should not be removed; most usage is for cheap comparing of file changes and large strings, where the security isn't really a concern. Minecraft itself uses MD5 hash a lot, so users may need it for that (e.g. sending resource packs)

totally agree. a warning would be good (ideally configurable using EffSuppressWarnings), but there are many reasons to use md5s besides passwords.