[TYPO3-core] RFC: #10201: Duplicate cHash Values
Francois Suter
fsu-lists at cobweb.ch
Mon Sep 7 21:40:26 CEST 2009
Hi,
> I'm speaking for myself only.
Noted. Thanks for the feedback.
> The concerns are about the same problems like in showpic that have been
> discussed recently in #11721.
>
> Regarding full md5 hashes for cHash, there's (currently) no way to get
> hold of the encryption key. Basis for it would be successful preimage
> attacks for md5 (although it's not classical preimage problem). Such
> attacks are not known to be succeeded for md5 (yet).
Even if you're not speaking for the whole of the security team, I would
consider that the security worries have been addressed. Indeed the
discussion about #11721 is very similar and the concerned has been
addressed in detail there.
I'm going to take care of the commit later.
--
Francois Suter
Cobweb Development Sarl - http://www.cobweb.ch
More information about the TYPO3-team-core
mailing list