You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
The SDK uses the SHA1 to check that the correct parameter files have been downloaded. SHA1 is vulnerable to collision attacks, so it should be replaced with SHA256 or another secure hash function.
This is not a security risk, since SHA1 is still secure against second-preimage attacks (which is what would be needed to get the wallet to accept bad parameter files), nevertheless SHA1 should still be avoided.
Describe the solution you'd like
Check and refactor File.getSha1Hash(): String API
Alternatives you've considered
Additional context
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
The SDK uses the SHA1 to check that the correct parameter files have been downloaded. SHA1 is vulnerable to collision attacks, so it should be replaced with SHA256 or another secure hash function.
This is not a security risk, since SHA1 is still secure against second-preimage attacks (which is what would be needed to get the wallet to accept bad parameter files), nevertheless SHA1 should still be avoided.
Describe the solution you'd like
Check and refactor
File.getSha1Hash(): String
APIAlternatives you've considered
Additional context
The text was updated successfully, but these errors were encountered: