Consider using sha256 instead of md5 in config/manifest.inc.php #7029

Open
aureq opened this issue Jan 15, 2015 · 2 comments
Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.

Comments

aureq commented Jan 15, 2015

Hi

md5 is officially broken(1) and we should consider migrating to sha256 in config/manifest.inc.php

Thanks

Links:

  1. http://en.wikipedia.org/wiki/Collision_attack#cite_note-2
aureq added the Bug (For errors / faults / flaws / inconsistencies etc.) label Jan 15, 2015
tsteur added this to the Short term milestone Jan 19, 2015
tsteur (Member) commented Jan 19, 2015

Should be easy to change in Piwik itself but also requires changes in other repos such as https://github.com/piwik/piwik-package/blob/master/scripts/build-package.sh#L169

aureq (Author) commented Jan 19, 2015

@tsteur Totally agree with you, the build-package.sh as well as the Makefile. But definitely no big deal.

mattab modified the milestones: Short term, Mid term Apr 7, 2015
mattab added the c: Security (For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.) label and removed the Bug (For errors / faults / flaws / inconsistencies etc.) label Sep 11, 2015
mattab modified the milestones: Short term, Mid term Sep 11, 2015
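
An added example, not code from this thread or from the Piwik/Matomo project: a file-manifest verifier that treats a SHA-256 match as verified and reports a match against a legacy MD5 entry as weak, which is the situation a verifier faces while manifests are being migrated. The manifest layout, the status names and the sample files are assumptions; the actual format of config/manifest.inc.php is not shown on this page.

```python
import hashlib
import tempfile
from pathlib import Path

def file_digest(path, algo):
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def list_files(root):
    return sorted(p.relative_to(root).as_posix() for p in Path(root).rglob("*") if p.is_file())

def build_manifest(root, algo="sha256"):
    # Assumed entry layout (not Matomo's): path -> (size, algorithm, hex digest)
    return {rel: (Path(root, rel).stat().st_size, algo, file_digest(Path(root, rel), algo))
            for rel in list_files(root)}

def verify(root, manifest):
    report = {}
    for rel, (size, algo, expected) in manifest.items():
        full = Path(root, rel)
        if not full.is_file():
            report[rel] = "missing"
        elif full.stat().st_size != size or file_digest(full, algo) != expected:
            report[rel] = "modified"
        else:
            # An MD5 match is not proof of integrity, so it is reported separately.
            report[rel] = "ok" if algo == "sha256" else "weak-digest"
    for rel in list_files(root):
        report.setdefault(rel, "unlisted")  # on disk but absent from the manifest
    return report

def demo():
    # Constructed sample tree, checked before and after tampering.
    with tempfile.TemporaryDirectory() as root:
        Path(root, "lib").mkdir()
        Path(root, "a.php").write_bytes(b"<?php echo 1;\n")
        Path(root, "lib/b.php").write_bytes(b"<?php echo 2;\n")
        legacy = verify(root, build_manifest(root, "md5"))
        manifest = build_manifest(root)
        clean = verify(root, manifest)
        Path(root, "a.php").write_bytes(b"<?php echo 9;\n")  # same size, new bytes
        Path(root, "lib/b.php").unlink()
        Path(root, "extra.php").write_bytes(b"<?php\n")
        return legacy, clean, verify(root, manifest)
```

`demo()` returns three reports: the tree checked against an MD5 manifest, against a SHA-256 manifest, and against the SHA-256 manifest after one file was changed, one deleted and one added.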