the md5() and sha1() hash functions should never be used in any code

Created on 18 September 2018, about 6 years ago

Updated 29 January 2024, 10 months ago

Problem/Motivation

Use of a Broken or Risky Cryptographic Algorithm in modules/contrib/entity_browser/src/plugin/field/fieldwidget/entityreferencebrowserwidget.php (line 522)

'#name' => $this->fieldDefinition->getName() . '_remove_' . $entity->id() . '_' . $row_id . '_' . md5(json_encode($field_parents)),

See https://www.drupal.org/node/845876 →

the md5() and sha1() hash functions should never be used in any code

this can be a problem if, for example, Government entities require such audits - which would then require additional documentation to verify that they are indeed, not a security issue.

Proposed resolution

use \Drupal\Component\Utility\Crypt::hashBase64($data)

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

🐛 Bug report

Status

Needs review

Version

2.0

Component

Display plugins

Created by

🇮🇳India FlutterStack

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment 12 months ago →
🇺🇸United States dave reid Nebraska USA
Patch no longer applies and needs to be re-rolled or MR opened.
Status changed to Needs review 10 months ago10:45am 29 January 2024
Comment 10 months ago →
🇧🇪Belgium fernly
Reroll of patch 24 against current 8.x-2.x-dev version (should work on 8.x-2.10).

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024