Update hash function to use SHA-256 for enhanced security#23
Closed
Celestarien wants to merge 1 commit into
Closed
Update hash function to use SHA-256 for enhanced security#23Celestarien wants to merge 1 commit into
Celestarien wants to merge 1 commit into
Conversation
In response to known vulnerabilities in SHA-1, including susceptibility to collision attacks, this update moves the hash function from SHA-1 to SHA-256. This change improves the overall security of the application by ensuring that the hashing algorithm is resistant to current cryptographic attacks.
Member
|
this change is not backwards compatible |
Member
|
i do agree that sha256 would be preferred, but at the same time it also doesn't matter much because the hash usage is not security critical. its purpose is just to improve privacy, by making it harder to figure out which settings belong to which user. there is not much point trying to attack the hash because you don't gain anything from knowing which user the settings belong to since it's impossible to migrate an old database (because we have no way to retrieve the original values from the hash), this update would mean losing everyone's settings data. thanks regardless |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In response to known vulnerabilities in SHA-1, including susceptibility to collision attacks, this update moves the hash function from SHA-1 to SHA-256. This change improves the overall security of the application by ensuring that the hashing algorithm is resistant to current cryptographic attacks.