ipkn / crow

Crow is a very fast and easy-to-use C++ micro web framework (inspired by Python Flask)
BSD 3-Clause "New" or "Revised" License

SHA1 is a broken hash #327

Open marikaswanberg opened 5 years ago

marikaswanberg commented 5 years ago

On the readme, it says that you use the TinySHA1 library. I haven't looked through all of the source code, so I'm not sure exactly how you're using SHA1, but SHA1 has been found to be insecure against collision attacks. You may consider using SHA3 instead.

The-EDev commented 3 years ago

TinySHA1, as far as I could see, is only being used to hash the hello string sent when initiating a websocket. I'm not sure if the hello string needs securing, but no sensitive data storage is using SHA1; in fact, no part of the library even stores data.
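
For reference, an added example (not code from Crow, TinySHA1, or either commenter): assuming the "hello string" above is the RFC 6455 opening handshake, the server answers the client's `Sec-WebSocket-Key` with base64(SHA-1(key + fixed GUID)). The inline `sha1` and the name `websocket_accept` are written for this example only.

```cpp
#include <array>
#include <cstdint>
#include <string>
#include <vector>

// Minimal SHA-1 (FIPS 180-4) written for this example; it is not TinySHA1.
static std::array<uint8_t, 20> sha1(const std::string& msg) {
    uint32_t h[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0};
    std::vector<uint8_t> m(msg.begin(), msg.end());
    m.push_back(0x80);                           // padding marker bit
    while (m.size() % 64 != 56) m.push_back(0);  // zero-pad to 56 mod 64
    for (int i = 7; i >= 0; --i)                 // 64-bit big-endian bit length
        m.push_back(uint8_t((uint64_t(msg.size()) * 8) >> (8 * i)));
    auto rol = [](uint32_t v, int n) { return (v << n) | (v >> (32 - n)); };
    for (size_t off = 0; off < m.size(); off += 64) {
        uint32_t w[80];
        for (int i = 0; i < 16; ++i)
            w[i] = uint32_t(m[off + 4*i]) << 24 | uint32_t(m[off + 4*i + 1]) << 16 |
                   uint32_t(m[off + 4*i + 2]) << 8 | m[off + 4*i + 3];
        for (int i = 16; i < 80; ++i) w[i] = rol(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
        uint32_t a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
        for (int i = 0; i < 80; ++i) {
            uint32_t f, k;
            if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999; }
            else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1; }
            else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDC; }
            else             { f = b ^ c ^ d;                   k = 0xCA62C1D6; }
            uint32_t t = rol(a, 5) + f + e + k + w[i];
            e = d; d = c; c = rol(b, 30); b = a; a = t;
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
    }
    std::array<uint8_t, 20> out;
    for (int i = 0; i < 20; ++i) out[i] = uint8_t(h[i / 4] >> (8 * (3 - i % 4)));
    return out;
}
// RFC 6455 section 4.2.2: Sec-WebSocket-Accept = base64(SHA-1(key + fixed GUID)).
std::string websocket_accept(const std::string& client_key) {
    static const char* tbl = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    auto d = sha1(client_key + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11");
    std::string out;
    for (int i = 0; i < 20; i += 3) {
        int n = (20 - i < 3) ? 20 - i : 3;  // the final group holds only 2 bytes
        uint32_t v = d[i] << 16 | (n > 1 ? d[i+1] << 8 : 0) | (n > 2 ? d[i+2] : 0);
        out += tbl[v >> 18 & 63]; out += tbl[v >> 12 & 63];
        out += n > 1 ? tbl[v >> 6 & 63] : '=';
        out += n > 2 ? tbl[v & 63] : '=';
    }
    return out;
}
```

Both inputs to the hash, the client's key and the GUID, are sent or published in the clear, so in this exchange the digest acts as a protocol-conformance check rather than protection for a secret.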