#6054: Security should use SHA1 by default not MD5
    Reporter:  ionas82                                 |          Type:  Bug  
      Status:  new                                     |      Priority:  Low  
   Milestone:  2.0.0.x                                 |     Component:  Auth 
     Version:                                          |      Severity:  Major
    Keywords:  Security, setHash(), md5, sha1, sha256  |   Php_version:  n/a  
Cake_version:  8004                                    |  
 There have been many attacks [1], [2] on MD5 recently and in upcoming
 releases CakePHP should use at least SHA1 (or SHA256?) by default instead
 of MD5 which could still be set by Security::setHash();
 [1] http://en.wikipedia.org/wiki/Md5#Vulnerability[[BR]]
 [2] http://www.google.de/search?q=md5+vulnerability+insecure+attack

Ticket URL: <https://trac.cakephp.org/ticket/6054>
CakePHP : The Rapid Development Framework for PHP <https://trac.cakephp.org/>
Cake is a rapid development framework for PHP which uses commonly known design 
patterns like ActiveRecord, Association Data Mapping, Front Controller and MVC. 
Our primary goal is to provide a structured framework that enables PHP users at 
all levels to rapidly develop robust web applications, without any loss to 
You received this message because you are subscribed to the Google Groups 
"tickets cakephp" group.
To post to this group, send email to tickets-cakephp@googlegroups.com
To unsubscribe from this group, send email to 
For more options, visit this group at 

Reply via email to