Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

multiable Use of Password Hash With Insufficient Computational Effort :CVE #62

Open
s-b-repo opened this issue Oct 17, 2023 · 0 comments
Open

multiable Use of Password Hash With Insufficient Computational Effort :CVE #62

s-b-repo opened this issue Oct 17, 2023 · 0 comments

Comments

@s-b-repo
Copy link

The SHA-1 hash (used in java.security.MessageDigest.getInstance) is insecure. Consider changing it to a secure hash algorithm

boolean useBitzi = true;
    if (SystemVersion.isApache() ||            // Harmony
        SystemVersion.isGNU()) {               // JamVM or gij
        try {

128: MessageDigest.getInstance("SHA-1");

[‎core/java/src/net/i2p/crypto/SHA1.java

 */
public static MessageDigest getInstance() {
    if (!_useBitzi) {
        try {

65: return MessageDigest.getInstance("SHA-1");
[‎core/java/src/com/nettgryppa/security/HashCash.java

    throw new IllegalArgumentException("Resource may not contain a colon.");

HashCash result = new HashCash();

179: MessageDigest md = MessageDigest.getInstance("SHA1");

[‎core/java/src/com/nettgryppa/security/HashCash.java]

 *  @return 16 bytes, or null on error
 */
public static byte[] md5Sum(byte[] data) {
    try {

229: MessageDigest md = MessageDigest.getInstance("MD5");

[‎core/java/src/net/i2p/util/PasswordManager.java] core/java/src/net/i2p/util/PasswordManager.java#L229)

The MD5 hash (used in java.security.MessageDigest.getInstance) is insecure. Consider changing it to a secure hash algorithm

    // for backwards compatability.  next time we have a backwards
    // incompatible change, we should update this by removing ", 32"
    // SEE NOTES ABOVE
    try {

108: MessageDigest md = MessageDigest.getInstance("MD5");

/router/java/src/net/i2p/router/transport/udp/SSUHMACGenerator.java#L108)

	s.append(ipInt);
	s.append('+');
	s.append(inetSalt);
	MessageDigest md;

95: md = MessageDigest.getInstance("SHA1");

apps/imagegen/identicon/core/src/main/java/com/docuverse/identicon/IdenticonUtil.java#L95)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@s-b-repo