#6054: Security should use SHA1 by default not MD5
-------------------------------------------------------+--------------------
    Reporter:  ionas82                                 |          Type:  Bug  
      Status:  new                                     |      Priority:  Low  
   Milestone:  2.0.0.x                                 |     Component:  Auth 
     Version:                                          |      Severity:  Major
    Keywords:  Security, setHash(), md5, sha1, sha256  |   Php_version:  n/a  
Cake_version:  8004                                    |  
-------------------------------------------------------+--------------------
 There have been many attacks [1], [2] on MD5 recently and in upcoming
 releases CakePHP should use at least SHA1 (or SHA256?) by default instead
 of MD5 which could still be set by Security::setHash();
 [[BR]][[BR]]
 [1] http://en.wikipedia.org/wiki/Md5#Vulnerability[[BR]]
 [2] http://www.google.de/search?q=md5+vulnerability+insecure+attack

-- 
Ticket URL: <https://trac.cakephp.org/ticket/6054>
CakePHP : The Rapid Development Framework for PHP <https://trac.cakephp.org/>
Cake is a rapid development framework for PHP which uses commonly known design 
patterns like ActiveRecord, Association Data Mapping, Front Controller and MVC. 
Our primary goal is to provide a structured framework that enables PHP users at 
all levels to rapidly develop robust web applications, without any loss to 
flexibility.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"tickets cakephp" group.
To post to this group, send email to tickets-cakephp@googlegroups.com
To unsubscribe from this group, send email to 
tickets-cakephp+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/tickets-cakephp?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to