
simplechan
I installed the simplechan bulletin board above. This bulletin board uses md5 for hashing.
I looked into it and found that md5 is weak in security. So I want to change it to something more powerful and easy to configure, such as bcrypt, PBKDF2, or scrypt.
How should I change the code to set it up? Should I just change md5 to the name of that hash?

  • Answer # 1

    I had such a question in the past ~
    Password hashing

  • Answer # 2

    I think it depends on the purpose of using md5 on the bulletin board.
    I haven't looked at it in detail, but when I look at the source, it seems that it is only used to get the post's uid and name hash. However, what kind of security problems do you assume?

    Depending on technical capabilities, I think that hashlib.sha512, which can be used with hashlib, is a temporary line if you want to do it easily.

  • Answer # 3

    Wikipedia MD5
    https://en.wikipedia.org/wiki/MD5

      

    ...
      The US government uses Secure Hash Algorithm (SHA) instead of MD5 as the standard hash. CRYPTREC in Japan removes MD5 from the government recommended cipher list and recommends SHA-256 or higher.
      ...

    CRYPTREC cipher list (e-government recommended cipher list)

      

    ...
      Hash function SHA-256 SHA-384 SHA-512
      ...