Deprecated Hash Function
1 posts by 1 authors in: Forums > CMS Builder: Plugins & Add-ons
Last Post: 8 hours ago (RSS)
By ht1080z - 8 hours ago
Hi,
After a recent PT where our web-app was tested we got some security remediation.
Deprecated Hash Function: Both the SHA-1 and MD5 methods are deprecated, and should no longer be used for hashing.
Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management. Store passwords using strong adaptive and salted hashing functions with a work factor (delay factor), such as Argon2, scrypt, bcrypt or PBKDF2.
Is there any plan to replace the hash function in the cmsb/membership?