aloopkin / WinCertes

An ACMEv2 client for Windows
GNU General Public License v3.0

Remove MD5 function(s) #32

Closed christoph-bach closed 4 years ago

christoph-bach commented 4 years ago

Describe the bug

We have customers using server hardening which prevents the use of weak crypto algorithms in Microsoft libraries.

It seems that you use "System.Security.Cryptography.MD5" in the function GetMD5Hash in the Utils class which results in an error on customer side.

Expected behavior

Could you please use another algorithm, e.g. "System.Security.Cryptography.SHA256", instead of MD5?

Many thanks

Best regards

aloopkin commented 4 years ago

Hi,

The MD5 hash is not used for any security-related feature, but only because I needed a one-way function to generate an ID. Also, I cannot change it, as it would break existing deployments.

However, what I can do is onboard MD5 directly in the code, so that it won't be blocked by server hardening. Would that suit your need?

christoph-bach commented 4 years ago

Hi,

> However, what I can do is onboard MD5 directly in the code, so that it won't be blocked by server hardening. Would that suit your need?

=> Yes, I think that should suit the customer's need, if you would use Bouncy Castle for example.

=> Another option would be to make it configurable for new deployments.

Thank you.

Best regards

aloopkin commented 4 years ago

Committed as 28714b71caef28aac44c33a88ce48cf899897431

aloopkin commented 4 years ago

Released as 1.4.3
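
What "onboarding MD5 directly in the code" can look like, as an added C# example that is not taken from WinCertes or from the commit referenced above: a managed RFC 1321 implementation that never touches `System.Security.Cryptography`, so an identifier derived from it stays the same on hardened and unhardened hosts. The names `ManagedMd5` and `HexDigest` are hypothetical, and UTF-8 encoding of the input and a little-endian host are assumptions.

```csharp
using System;
using System.Text;

// Pure managed MD5 (RFC 1321) with no dependency on the platform crypto provider.
// Hypothetical helper: suitable for stable non-security identifiers only.
public static class ManagedMd5
{
    // Per-round left-rotate amounts (RFC 1321, section 3.4), four per round.
    static readonly int[] S = { 7, 12, 17, 22, 5, 9, 14, 20, 4, 11, 16, 23, 6, 10, 15, 21 };

    public static string HexDigest(string text)
    {
        byte[] msg = Encoding.UTF8.GetBytes(text); // assumption: input is hashed as UTF-8
        // Padding: 0x80, zeros up to 56 mod 64, then the bit length as 64-bit little-endian.
        int paddedLen = ((msg.Length + 8) / 64 + 1) * 64;
        byte[] buf = new byte[paddedLen];
        Array.Copy(msg, buf, msg.Length);
        buf[msg.Length] = 0x80;
        ulong bitLen = (ulong)msg.Length * 8;
        for (int i = 0; i < 8; i++) buf[paddedLen - 8 + i] = unchecked((byte)(bitLen >> (8 * i)));

        uint a0 = 0x67452301, b0 = 0xefcdab89, c0 = 0x98badcfe, d0 = 0x10325476;
        for (int off = 0; off < paddedLen; off += 64)
        {
            uint a = a0, b = b0, c = c0, d = d0;
            for (int i = 0; i < 64; i++)
            {
                uint f; int g;
                if (i < 16)      { f = (b & c) | (~b & d); g = i; }
                else if (i < 32) { f = (d & b) | (~d & c); g = (5 * i + 1) % 16; }
                else if (i < 48) { f = b ^ c ^ d;          g = (3 * i + 5) % 16; }
                else             { f = c ^ (b | ~d);       g = (7 * i) % 16; }
                // Round constant K[i] = floor(2^32 * |sin(i + 1)|).
                uint k = (uint)(long)(Math.Abs(Math.Sin(i + 1)) * 4294967296.0);
                uint m = BitConverter.ToUInt32(buf, off + 4 * g); // little-endian message word
                int s = S[(i / 16) * 4 + (i % 4)];
                uint x = unchecked(a + f + k + m);
                a = d; d = c; c = b;
                b = unchecked(b + ((x << s) | (x >> (32 - s)))); // b still holds its old value here
            }
            unchecked { a0 += a; b0 += b; c0 += c; d0 += d; }
        }
        var sb = new StringBuilder(32);
        foreach (uint w in new[] { a0, b0, c0, d0 })
            foreach (byte by in BitConverter.GetBytes(w)) sb.Append(by.ToString("x2"));
        return sb.ToString();
    }
}
```

Before relying on a bundled implementation for existing deployments, compare its output against the RFC 1321 appendix test suite and against IDs already generated by the platform MD5.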