Weak Cryptographic Hash

Tencent / VasSonic

VasSonic is a lightweight and high-performance Hybrid framework developed by tencent VAS team, which is intended to speed up the first screen of websites working on Android and iOS platform.

Other

11.8k stars 1.61k forks source link

Weak Cryptographic Hash #348

Open QiAnXinCodeSafe opened 4 years ago

QiAnXinCodeSafe commented 4 years ago

https://github.com/Tencent/VasSonic/blob/59936beff656d4b5718ff6444d6c5e001a2c5231/sonic-android/sdk/src/main/java/com/tencent/sonic/sdk/SonicUtils.java#L688

https://github.com/Tencent/VasSonic/blob/59936beff656d4b5718ff6444d6c5e001a2c5231/sonic-android/sdk/src/main/java/com/tencent/sonic/sdk/SonicUtils.java#L701

Weak cryptographic hashes cannot guarantee data integrity and should not be used in security-critical contexts.