mobolic/facebook-sdk

Insecure MD5 hash function in Instagram API code

STANAPI opened this issue · 1 comment

Hello, fellow developers! There seem to be two insecure parts in the Instagram API code, as it's using the MD5 hash function.

The two parts look like this below:

def __init__(self, username, password, debug=False, IGDataPath=None):
    m = hashlib.md5()
    m.update(username.encode('utf-8') + password.encode('utf-8'))

def generateDeviceId(self, seed):
    volatile_seed = "12345"
    m = hashlib.md5()
    m.update(seed.encode('utf-8') + volatile_seed.encode('utf-8'))
    return 'android-' + m.hexdigest()[:16]

What are the potential risks of this? Is there any way to improve it?


The code snippets you mentioned do not exist in this library. I think you want to file this bug somewhere else.
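For the two snippets quoted in the issue, the following added example (not code from this repository or from either participant) reproduces their hashing and sets it beside a keyed alternative. The function names, the per-install key, and returning the digest from the credential hash are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def md5_of_credentials(username: str, password: str) -> str:
    """Hashing as in the quoted __init__: plain concatenation, no separator, no key.
    Returning the hex digest is an assumption; the snippet stops after update()."""
    m = hashlib.md5()
    m.update(username.encode("utf-8") + password.encode("utf-8"))
    return m.hexdigest()


def md5_device_id(seed: str, volatile_seed: str = "12345") -> str:
    """Logic of the quoted generateDeviceId: fully determined by seed + constant."""
    m = hashlib.md5()
    m.update(seed.encode("utf-8") + volatile_seed.encode("utf-8"))
    return "android-" + m.hexdigest()[:16]


def field(value: str) -> bytes:
    """Length-prefix a field so ("ab", "c") and ("a", "bc") encode differently."""
    raw = value.encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw


def new_install_key() -> bytes:
    """Hypothetical: generated once per installation and kept in local storage."""
    return secrets.token_bytes(32)


def keyed_device_id(install_key: bytes, username: str) -> str:
    """Hypothetical replacement: HMAC-SHA-256 under a random per-install key.
    The password is not an input, and the identifier cannot be recomputed
    by someone who knows the username but not install_key."""
    tag = hmac.new(install_key, b"device-id" + field(username), hashlib.sha256)
    return "android-" + tag.hexdigest()[:16]


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print("concatenation is ambiguous:",
          md5_of_credentials("ab", "c") == md5_of_credentials("a", "bc"))
    print("unkeyed id repeats for same seed:",
          md5_device_id("example-seed") == md5_device_id("example-seed"))
    k1, k2 = new_install_key(), new_install_key()
    print("keyed id differs per install:",
          keyed_device_id(k1, "alice") != keyed_device_id(k2, "alice"))
```

The truncation to 16 hex characters keeps 64 bits of the digest in both variants; the difference is that the keyed form depends on a secret that never leaves the installation.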