Fix code scanning alert - Use of a broken or risky cryptographic algorithm
Closed this issue · 4 comments
rfc2822 commented
Is MD5 secure enough to display a fingerprint to let users decide whether the certificate is trusted? Otherwise just keep SHA1
Tracking issue for:
rfc2822 commented
ArnyminerZ commented
Well, MD5 is not proper hashing, so I understand that it might be deprecated. I would personally use SHA-1.
For the end user it's almost the same, just numbers and letters.
rfc2822 commented
Yes I'd do like Firefox and display the SHA-1 and the SHA-256 hash. So we just need to replace MD5 with SHA-256 :)