[TYPO3-core] RFC: #10201: Duplicate cHash Values

Steffen Kamper info at sk-typo3.de
Fri Mar 27 14:22:10 CET 2009


Hi,

Francois Suter schrieb:
> Hi,
> 
>>> The issue we experience, is sometimes when cHash doesn't match, a wrong
>>> page is loaded. This was happening constantly with the short hash, but
>>> less so after the patch - so I guess it has to do with the security
>>> check you mention?
>>
>> I do not remember details about the security check :( I think it was 
>> mentioned in the Kasper's cHash tutorial.
> 
> I went through the Mysteries of cHash again and the only thing about 
> security I found is when the cHash is empty. I didn't see anything 
> related to the length of the cHash itself. On the contrary, I would say 
> Dan's patch provides increased security.
> 
> Cheers
> 

for sure full MD5 is better than shortMD5.
The only one is that MD5 isn't secure since the hash tables can be found 
in internet.

But, we need it as identifier, not as login value here :-)

vg Steffen


More information about the TYPO3-team-core mailing list