[TYPO3-core] RFC: #10201: Duplicate cHash Values

[Francois Suter]

Hi,

> I'm speaking for myself only.

Noted. Thanks for the feedback.

> The concerns are about the same problems like in showpic that have been
> discussed recently in #11721.
> 
> Regarding full md5 hashes for cHash, there's (currently) no way to get
> hold of the encryption key. Basis for it would be successful preimage
> attacks for md5 (although it's not classical preimage problem). Such
> attacks are not known to be succeeded for md5 (yet).

Even if you're not speaking for the whole of the security team, I would 
consider that the security worries have been addressed. Indeed the 
discussion about #11721 is very similar and the concerned has been 
addressed in detail there.

I'm going to take care of the commit later.

-- 

Francois Suter
Cobweb Development Sarl - http://www.cobweb.ch