This repository has been archived by the owner on Jan 13, 2023. It is now read-only.
Secure Random & Better Hashing Algorithm Support #186
Labels
priority: high
A high priority issue or pull request
state: investigating
Something needs extra investigation
type: enhancement
New feature or request
Is your feature request related to a problem? Please describe.
Generating randomness with the random source of `new java.util.Random()` is not secure. `MD5` or `SHA-256` as a hashing algorithm is also not secure.

Describe the solution you'd like
It should be kept like that for compatibility reasons and the performance penalty of `new java.security.SecureRandom()`, but there should be a config option to switch over to `new java.security.SecureRandom()`.

For the hashing, the default hashing algorithm should also be kept like that, but there should be warnings and a config option to switch over to a new algorithm, like `Argon2` (for auth scripts, resource intensive and may be hard to implement but it will be secure).

Describe alternatives you've considered
N/A

Additional information
N/A
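
A sketch of the opt-in behaviour requested above, added here as an illustration and not taken from the project's code: legacy defaults stay in place but log a warning, and two config options switch to `SecureRandom` and a salted key-derivation function. The class name, both constructor parameters and the iteration count are assumptions, and PBKDF2 stands in for Argon2 because the JDK does not ship an Argon2 implementation.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import java.util.HexFormat; // Java 17+
import java.util.Random;
import java.util.Set;
import java.util.logging.Logger;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public final class CryptoOptions { // hypothetical class, not part of the project
    private static final Logger LOG = Logger.getLogger(CryptoOptions.class.getName());
    // Fast digests the issue names as current defaults: still accepted, but warned about.
    private static final Set<String> FAST_DIGESTS = Set.of("MD5", "SHA-256");
    private static final String KDF = "PBKDF2WithHmacSHA256"; // JDK stand-in for Argon2

    private final Random random; // SecureRandom extends Random, so callers stay unchanged
    private final String algorithm;

    // Both parameters model hypothetical config options; (false, "MD5") is the legacy behaviour.
    public CryptoOptions(boolean secureRandom, String algorithm) {
        this.random = secureRandom ? new SecureRandom() : new Random();
        this.algorithm = algorithm;
        if (!secureRandom) LOG.warning("java.util.Random in use; not suitable for tokens or salts");
        if (FAST_DIGESTS.contains(algorithm)) LOG.warning(algorithm + " is a fast digest; not suited to password storage");
    }

    public String randomHex(int bytes) {
        byte[] buf = new byte[bytes];
        random.nextBytes(buf);
        return HexFormat.of().formatHex(buf);
    }

    // Returns "salt:hash" for the KDF, or a bare unsalted digest for the legacy algorithms.
    public String hashPassword(char[] password) throws Exception {
        if (!KDF.equals(algorithm)) {
            byte[] in = new String(password).getBytes(StandardCharsets.UTF_8);
            return HexFormat.of().formatHex(MessageDigest.getInstance(algorithm).digest(in));
        }
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // salts always come from the CSPRNG
        KeySpec spec = new PBEKeySpec(password, salt, 600_000, 256); // illustrative iteration count
        byte[] hash = SecretKeyFactory.getInstance(KDF).generateSecret(spec).getEncoded();
        return HexFormat.of().formatHex(salt) + ":" + HexFormat.of().formatHex(hash);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-sample-password".toCharArray(); // constructed input
        System.out.println("legacy:   " + new CryptoOptions(false, "MD5").hashPassword(pw));
        System.out.println("hardened: " + new CryptoOptions(true, KDF).hashPassword(pw));
    }
}
```

Running the hardened configuration twice on the same password gives different `salt:hash` strings, while the legacy digest is identical on every run.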