Request to remove support for MD5

joltup / rn-fetch-blob

A project committed to making file access and data transfer easier, efficient for React Native developers.

MIT License

2.81k stars 772 forks source link

Request to remove support for MD5 #645

Open jonthanon opened 3 years ago

jonthanon commented 3 years ago

Is there any chance of removing this support for MD5 from RNFetchBlobFS's hash function?

My company has asked us to remove all references to CC_MD5 (due to MD5 being cryptographically broken and CC_MD5 being deprecated by Apple), regardless of whether it's used for cryptographic purposes or called by our code.

Update: I noticed it's also used here for generating a filename.

wizebin commented 3 years ago

If your company requires you remove references to CC_MD5 then you or your company should fork the library.

lroling8350 commented 3 years ago

Would you accept a PR which adds macros to enable/disable sha1, md5, and untrusted SSL certs? Branch did something similar with IDFA support here and allows users to set BRANCH_EXCLUDE_IDFA_CODE as a preprocessor to remove during build. It would satisfy the ability for users to compile out without having to fork the library. In this case I would have each respected component compile in throwing an exception stating it was disabled during compilation.