search

jmcerrejon / PiKISS

PiKISS for Raspberry Pi: A bunch of scripts with menu to make your life easier.
http://misapuntesde.com
MIT License
880 stars 92 forks source link

insecureHash #134

Closed Abelkrijgtalles closed 2 years ago

Abelkrijgtalles commented 2 years ago

hashlib.sha1 is insecure. Consider changing it to a secure hashing algorithm (e.g. SHA256). res/groove.py Line 46: return rnd +hashlib.sha1('%s:%s:%s:%s' % (method, _token, secret, rnd)).hexdigest()

jmcerrejon commented 2 years ago

Please, use the same issue opened few minutes ago. Thanks.