Change hashing function back to MD5

Yes, I'm changing back yet again I've spent some of the last few months working on a project that required extensive investigation into the pros/cons of cryptographic vs. non-cryptographic hashes, collision resistance, and hash size. In short, MD5 remains fine for use for things like unique hashing. FNV is most likely fine, but MD5 is plenty fast for this kind of work. And 32 bits means that a birthday attack/collision becomes much more likely (50% chance of finding one after 77K inputs). SHA1 is overkill, at least for the things we are doing in Horde_Imap_Client.
horde · Jan 6, 2015 · 7ccf695 · 7ccf695
1 parent 83f7f8e
commit 7ccf695
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 14 deletions.
diff --git a/framework/Imap_Client/lib/Horde/Imap/Client/Base.php b/framework/Imap_Client/lib/Horde/Imap/Client/Base.php
@@ -712,7 +712,7 @@ public function getNamespaces(
     {
         $additional = array_map('strval', $additional);
         $sig = hash(
-            (PHP_MINOR_VERSION >= 4) ? 'fnv132' : 'sha1',
+            'md5',
             json_encode($additional) . intval(empty($opts['ob_return']))
         );
 
@@ -2536,10 +2536,7 @@ private function _fetchWrapper($mailbox, $query, $options)
                         if (!empty($val['cache']) && !empty($val['peek'])) {
                             $cache_array[$k] = $v;
                             ksort($val);
-                            $header_cache[$key] = hash(
-                                (PHP_MINOR_VERSION >= 4) ? 'fnv132' : 'sha1',
-                                serialize($val)
-                            );
+                            $header_cache[$key] = hash('md5', serialize($val));
                         }
                     }
                     break;
@@ -3813,10 +3810,7 @@ protected function _getSearchCache($type, $options)
         }
 
         ksort($options);
-        $cache = hash(
-            (PHP_MINOR_VERSION >= 4) ? 'fnv132' : 'sha1',
-            $type . serialize($options)
-        );
+        $cache = hash('md5', $type . serialize($options));
         $cacheid = $this->getSyncToken($this->_selected);
         $ret = array();
 

diff --git a/framework/Imap_Client/lib/Horde/Imap/Client/Fetch/Query.php b/framework/Imap_Client/lib/Horde/Imap/Client/Fetch/Query.php
@@ -292,10 +292,7 @@ public function remove($criteria, $key)
      */
     public function hash()
     {
-        return hash(
-            (PHP_MINOR_VERSION >= 4) ? 'fnv132' : 'sha1',
-            serialize($this)
-        );
+        return hash('md5', serialize($this));
     }
 
     /* ArrayAccess methods. */

diff --git a/framework/Imap_Client/lib/Horde/Imap/Client/Socket/Pop3.php b/framework/Imap_Client/lib/Horde/Imap/Client/Socket/Pop3.php
@@ -654,7 +654,7 @@ protected function _status($mboxes, $flags)
         $uidl = $this->_capability('UIDL');
         if ($flags & Horde_Imap_Client::STATUS_UIDNEXT) {
             if ($uidl) {
-                $ctx = hash_init((PHP_MINOR_VERSION >= 4) ? 'fnv132' : 'sha1');
+                $ctx = hash_init('md5');
                 foreach ($this->_pop3Cache('uidl') as $key => $val) {
                     hash_update($ctx, '|' . $key . '|' . $val);
                 }