Open briancameron-appsec opened 8 months ago
crypto-js is discontinued. Probably a good idea to switch to using something else as a dependency for SHA.
I notice crypto-js is only used here: https://github.com/wonday/react-native-pdf/blob/5df5a1b0bfb5cea129eb9e1f9a610166c3b94bf1/index.js#L25
SHA-1 is considered unsafe and has collision concerns. Shouldn't SHA-256 be used instead these days?
https://github.com/brix/crypto-js
briancameron-appsec
commented
8 months ago briancameron-appsec
commented
8 months ago
crypto-js is discontinued. Probably a good idea to switch to using something else as a dependency for SHA.
I notice crypto-js is only used here: https://github.com/wonday/react-native-pdf/blob/5df5a1b0bfb5cea129eb9e1f9a610166c3b94bf1/index.js#L25
SHA-1 is considered unsafe and has collision concerns. Shouldn't SHA-256 be used instead these days?