(cache)Use SHA256 for __elgg_session (!18) · Merge Requests · Minds / Minds Backend - Engine · GitLab

Use SHA256 for __elgg_session

Changed md5 hash to sha256.

Serkan-devel @Serkan-devel · 1 year ago

Who came to the idea to explicitly use md5 for hashing? It's even referenced in the whitpaper. I don't think I need to tell why md5 is insecure
Vinnie Marone @vmarone · 1 year ago

I was a little surprised when, I saw that tbh. After all it is a deacentralized social network.
Mark Harding @markharding · 1 year ago

md5 is used here as it is just very lightweight unique id for the server side session. There's not really any security issue with using md5 here as there aren't really any attack vectors such as brute force attacks that would really do anything.

Passwords are hashed with bcrypt.
Serkan-devel @Serkan-devel · 1 year ago

Fair enough
Mark Harding @markeharding closed 38 minutes ago

closed
You're only seeing other activity in the feed. To add a comment, switch to one of the following options.

Please register or sign in to reply