masatoshiitoh / oauth

Automatically exported from code.google.com/p/oauth

Weak cryptographic hashes cannot guarantee data integrity #216

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?

1. MD5 and SHA-1 are popular cryptographic hash algorithms often used to verify the integrity of messages and other data.
Recent advances in cryptanalysis have discovered weaknesses in both algorithms.
Consequently, MD5 and SHA-1 should no longer be relied upon to verify the authenticity of data in security-critical contexts.

What is the expected output? What do you see instead?

Recommendations:
Discontinue the use of MD5 and SHA-1 for data verification in security-critical contexts. Currently, SHA-224, SHA-256, SHA-384 and SHA-512 are good alternatives.

Additional information.

PHP version:

Lines affected in outh.php:

132
207
227
492

Many thanks
Ivan Sanchez / www.evilcode.com.ar

Original issue reported on code.google.com by infonull...@gmail.com on 20 Oct 2011 at 12:38
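
One way to produce the kind of per-line list given in this report, as an added example that is not part of the original issue or the project's code: a Python scanner that flags MD5 and SHA-1 use in PHP source. The sample PHP, the `scan` function and the patterns are constructed for illustration, and comment handling is whole-line only.

```python
import re

# Constructed PHP sample for illustration; it is not the project's file.
SAMPLE_PHP = '''<?php
// constructed sample
function sign($base, $key) {
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}
function nonce() {
    return md5(microtime() . mt_rand());
}
function body_hash($body) {
    return hash('sha256', $body);
}
// md5() mentioned in a comment only
$ok = openssl_sign($base, $sig, $pk, OPENSSL_ALGO_SHA1);
'''

PATTERNS = [
    # Direct calls: md5(...), sha1(...), md5_file(...), sha1_file(...).
    # The lookbehind skips method calls and user functions such as my_md5().
    re.compile(r"(?<![\w>$:])(md5|sha1)(?:_file)?\s*\(", re.I),
    # Algorithm passed by name: hash('md5', ...), hash_hmac('sha1', ...).
    re.compile(r"\bhash(?:_hmac|_file|_init)?\s*\(\s*['\"](md5|sha1)['\"]", re.I),
    # OpenSSL digest constants used with openssl_sign()/openssl_verify().
    re.compile(r"\bOPENSSL_ALGO_(MD5|SHA1)\b"),
]


def scan(source):
    """Return (line_number, algorithm, code) for each weak-hash use found."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = line.strip()
        # Assumption: comments are whole-line; trailing comments are not stripped.
        if code.startswith(("//", "#", "*", "/*")):
            continue
        algos = {m.group(1).lower() for p in PATTERNS for m in p.finditer(line)}
        findings.extend((lineno, algo, code) for algo in sorted(algos))
    return findings


if __name__ == "__main__":
    for lineno, algo, code in scan(SAMPLE_PHP):
        print(f"line {lineno}: {algo}: {code}")
```

Each finding still needs review in context, since the scanner reports where the algorithms appear, not how the resulting digest is used.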