iamtakingithard
commented
2 years ago Holy shit, RustCrypto as library is very ancient and currently deprecated so I definetely take care of this.
Open iamtakingithard opened 2 years ago
iamtakingithard
commented
2 years ago Holy shit, RustCrypto as library is very ancient and currently deprecated so I definetely take care of this.
vaartis
commented
2 years ago MD5 was selected specifically because Erlang (and therefor pleroma) can do it natively. The security really doesn't matter that much here, because these are only alive for about a minute before becoming invalid, while using MD5 makes it easy to implement for whoever is using the service.
iamtakingithard
commented
2 years ago Alright, I will keep MD5 then.
Your-New-SJW-Waifu
commented
1 year ago What about something like SHA-256?
vaartis
commented
1 year ago What about something like SHA-256?
Seems that erlang does support this one, but the change has to be backwards compatible somehow.
The BLAKE3 is a far more faster and better security. It will be a good replacement for MD5.