Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] SHA-1 is vulnerable to collisions #211

Open
RyanJField opened this issue Feb 8, 2022 · 3 comments
Open

[Security] SHA-1 is vulnerable to collisions #211

RyanJField opened this issue Feb 8, 2022 · 3 comments
Labels
discussion priority: low wontfix This will not be worked on

Comments

@RyanJField
Copy link
Collaborator

Currently SHA-1 is used for hashing which is vulnerable to collisions, while this poses minimal risk in the context of the FAIR Data Pipeline, this may pose future risks.
@RyanJField RyanJField added discussion priority: low wontfix This will not be worked on labels Feb 8, 2022
@bruvio
Copy link
Collaborator

bruvio commented Mar 9, 2022

@RyanJField we could switch to sha256. I see no conflicts. I have already updated my testing branch. and is all green

@RyanJField
Copy link
Collaborator Author

RyanJField commented Mar 9, 2022
edited

This needs to be agreed with @richardreeve; as if we update it for the CLI the API's should also be updated for consistency.

@bruvio
Copy link
Collaborator

bruvio commented Mar 9, 2022

ok. waiting for instruction on this

RyanJField referenced this issue in FAIRDataPipeline/data-registry Oct 1, 2022
@antony-wilson
In ROCrate change hash to sha256
eff083a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discussion priority: low wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bruvio @RyanJField