Closed robert-scheck closed 6 years ago
sbidy
commented
6 years ago The MD5 hash is only used for a representation in blacklist. There is no security related functionality and a collision leads to a reject. The MD5 is consciously chosen because it is much faster than a SHA1, 256 or 512 - using a complex algorithmic can end up in a DoS.
robert-scheck
commented
6 years ago I did not measure the consumed resources, thus I don't know the impacts; nevertheless I get your point. But if performance is a serious matter, there are also faster hash functions than MD5 which are at least as secure as the latest standard SHA-3. In the end, I do not have a strong opinion here, I just stumbled over it when looking to the code. Feel free to defer and close.
sbidy
commented
6 years ago Close -> no direct impact to security and change will invalidate old hash table; add review mark in later release; put idea and discussion to dev. backlog
MD5 has known hash collision weaknesses, however this PR to SHA512 will invalidate all previous MD5 hashes in the existing hash table files out there.