#6054: Security should use SHA1 by default not MD5
-------------------------------------------------------+--------------------
Reporter: ionas82 | Type: Bug
Status: new | Priority: Low
Milestone: 2.0.0.x | Component: Auth
Version: | Severity: Major
Keywords: Security, setHash(), md5, sha1, sha256 | Php_version: n/a
Cake_version: 8004 |
-------------------------------------------------------+--------------------
There have been many attacks [1], [2] on MD5 recently and in upcoming
releases CakePHP should use at least SHA1 (or SHA256?) by default instead
of MD5 which could still be set by Security::setHash();
[[BR]][[BR]]
[1] http://en.wikipedia.org/wiki/Md5#Vulnerability[[BR]]
[2] http://www.google.de/search?q=md5+vulnerability+insecure+attack
--
Ticket URL: <https://trac.cakephp.org/ticket/6054>
CakePHP : The Rapid Development Framework for PHP <https://trac.cakephp.org/>
Cake is a rapid development framework for PHP which uses commonly known design
patterns like ActiveRecord, Association Data Mapping, Front Controller and MVC.
Our primary goal is to provide a structured framework that enables PHP users at
all levels to rapidly develop robust web applications, without any loss to
flexibility.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"tickets cakephp" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/tickets-cakephp?hl=en
-~----------~----~----~----~------~----~------~--~---
