Open iamtakingithard opened 2 years ago
Holy shit, RustCrypto as library is very ancient and currently deprecated so I definetely take care of this.
MD5 was selected specifically because Erlang (and therefor pleroma) can do it natively. The security really doesn't matter that much here, because these are only alive for about a minute before becoming invalid, while using MD5 makes it easy to implement for whoever is using the service.
Alright, I will keep MD5 then.
What about something like SHA-256?
What about something like SHA-256?
Seems that erlang does support this one, but the change has to be backwards compatible somehow.
The BLAKE3 is a far more faster and better security. It will be a good replacement for MD5.