expressjs / session

Simple session middleware for Express
MIT License

changed the hashing algorithm from sha1 to sha256 due to security problems #990

Open lucianidev opened 4 months ago

lucianidev commented 4 months ago

Hello, in issue #989 the user references a vulnerability in the hashing algorithm SHA-1. The hashing method turned out to be vulnerable to hash collisions, making it insecure. I changed the hashing method from SHA-1 to SHA-256, making it more secure. Tell me about any problems. I hope you have a good day.

Documentation:
https://crypto.stackexchange.com/questions/48289/how-secure-is-sha1-what-are-the-chances-of-a-real-exploit
https://www.quora.com/How-secure-is-SHA1-What-are-the-chances-of-a-real-exploit
https://stackoverflow.com/questions/38038841/why-is-sha-1-considered-insecure

jonchurch commented 2 months ago

sha1 is being used as a fast and efficient hash to detect changes in the session object.

It is not cryptographically relevant, nor used for signing purposes.

krko12345 commented 1 month ago

Hello team, is this going to be addressed at some point soon? Session is being reported as a vulnerability by monitoring tools because of its use of sha1.