Open ytimocin opened 4 days ago
:wave: @ytimocin Thanks for filing this issue.
A project maintainer will review this issue and get back to you soon.
We also welcome community contributions! If you would like to pick this item up sooner and submit a pull request, please visit our contribution guidelines and assign this to yourself by commenting "/assign" on this issue.
For more information on our triage process please visit our triage overview
Add the link to the threat model. cc/ @ytimocin
:+1: We've reviewed this issue and have agreed to add it to our backlog. Please subscribe to this issue for notifications, we'll provide updates when we pick it up.
We also welcome community contributions! If you would like to pick this item up sooner and submit a pull request, please visit our contribution guidelines and assign this to yourself by commenting "/assign" on this issue.
For more information on our triage process please visit our triage overview
Area for Improvement
Right now, we use the SHA-1 hashing algorithm in places such as hashing resource IDs or creating ETags.
We should switch to a more secure hashing algorithm, since SHA-1 is not recommended for production use: https://pkg.go.dev/crypto/sha1. From its official documentation: "SHA-1 is cryptographically broken and should not be used for secure applications."
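As an added example (not the project's own code), the change this issue asks for in Go: the SHA-1 pattern it describes next to a SHA-256 replacement for both ETags and resource ID hashes. The `sha256:` prefix on the new tag, the `MatchesETag` migration helper and the sample resource body are assumptions of this example, not anything the issue specifies.

```go
package main

import (
	"crypto/sha1"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"hash"
)

// hexDigest hashes data with the given constructor and returns the lowercase hex digest.
func hexDigest(newHash func() hash.Hash, data []byte) string {
	h := newHash()
	h.Write(data)
	return hex.EncodeToString(h.Sum(nil))
}

// LegacyETag is the "before" state the issue describes: SHA-1 over the serialized
// resource. Kept only so the migration helper below can recognise old tags.
func LegacyETag(resource []byte) string {
	return `"` + hexDigest(sha1.New, resource) + `"`
}

// ETag is the hardened form: SHA-256 over the same bytes. The "sha256:" prefix is an
// assumption of this example; it lets tags from the old scheme be told apart while
// clients still hold SHA-1 tags, so a swap of the algorithm does not silently turn
// every If-Match into a mismatch.
func ETag(resource []byte) string {
	return `"sha256:` + hexDigest(sha256.New, resource) + `"`
}

// ResourceIDHash hashes a resource ID string with SHA-256 (replacing the SHA-1 use
// the issue mentions for resource IDs).
func ResourceIDHash(id string) string {
	return hexDigest(sha256.New, []byte(id))
}

// MatchesETag checks a client-supplied If-Match value against the current resource.
// It accepts the legacy SHA-1 tag during a migration window; drop that branch once
// no clients can still hold SHA-1 tags. ETags are not secrets, so plain string
// comparison is fine here.
func MatchesETag(ifMatch string, resource []byte) bool {
	return ifMatch == ETag(resource) || ifMatch == LegacyETag(resource)
}

func main() {
	// Constructed sample resource body; not taken from the project.
	body := []byte(`{"name":"example","kind":"Applications.Core/containers"}`)
	fmt.Println("legacy ETag:", LegacyETag(body))
	fmt.Println("new ETag:   ", ETag(body))
	fmt.Println("id hash:    ", ResourceIDHash("/planes/radius/local/resourceGroups/rg/providers/Applications.Core/containers/example"))
	fmt.Println("old tag still matches during migration:", MatchesETag(LegacyETag(body), body))
}
```

Note that switching the algorithm changes every existing ETag and resource ID hash; anything persisted or cached under the SHA-1 value (and any client holding an old ETag) needs the migration path shown by `MatchesETag` or a one-time rehash.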
Observed behavior
SHA-1 is not secure enough.
Desired behavior
Update to a more secure algorithm.
Proposed Fix
rad Version
edge
Operating system
No response
Additional context
No response
Would you like to support us?
AB#13747