The simplechan bulletin board above was installed. This bulletin board uses md5 for hashing.
I looked into it and found that md5 was weak in security. So I want to change it to something more powerful and easy to configure, such as bcrypt, PBKDF2, scrypt.
How should I change the code to set it up? Should md5 just change to that hashed name?
Answer # 1
I have such a question in the past ~
Answer # 2
I think it depends on the purpose of using md5 on the bulletin board.
I haven't looked at the details in detail, but when I look at the source, it seems that I only use it to get the post's uid and name hash. However, what kind of security problems do you assume?
Depending on technical capabilities, I think that
hashlib.sha512that can be used with hashlib is a temporary line if you want to do it easily.
Answer # 3
The US government uses Secure Hash Algorithm (SHA) instead of MD5 as the standard hash. CRYPTREC in Japan removes MD5 from the government recommended cipher list and recommends SHA-256 or higher.
CRYPTREC cipher list (e-government recommended cipher list)
Hash function SHA-256 SHA-384 SHA-512
- python - i want to calculate the total value and maximum value for each time zone that is pandas
- what is a good database to learn from now on? (web app in python)
- i want to overwrite a python symbolic link
- unable to connect to postgresql from python (no module named'psycopg2')
- python - i want to change the series in which unix time is written to japan time using the apply function
- python - i want to delete a 100 mb file on git
- python - i want to display the date and time field stored in db in a specific format in the browser
- postgresql cannot start
- how to backup postgresql database from php
- postgresql restore nothing written when executing external command in php