by syoc 1596 days ago
There is also this gem.

> Add username and password to protect your Files app by login. You can encrypt your password by using our md5() hash tool if you don't want the password to be exposed in the PHP file.

Now I realize it's probably not using md5, but it does not bode well.

[1] https://www.files.gallery/docs/config/#password


It looks like it links down to the PHP `password_hash` function, and there's this gem in the documentation [0]:

> If your pepper contains 128 bits of entropy, and so long as hmac-sha256 remains secure (even MD5 is technically secure for use in hmac: only its collision resistance is broken, but of course nobody would use MD5 because more and more flaws are found)...

Which means whoever developed this file photo app may have read this clear shot at MD5, and still used it anyways. That's kinda funny.

[0] https://www.php.net/manual/en/function.password-hash.php

I checked, they use md5 extensively.
md5() is used to hash names for cache, not for anything security related. For login, it uses PHP password_verify()
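To make the distinction in the last comment concrete, here is an added PHP example (not code from Files Gallery or from anyone in this thread): a config that stores the login password as a `password_hash()` result beside the weaker unsalted `md5()` form the quoted docs suggest, and `md5()` used for a cache file name where no secret is involved. The config array, the sample password and the `cache_name()` helper are constructed for illustration.

```php
<?php
// Added example; the config layout and values below are hypothetical.
// The password field holds a hash produced once by password_hash(), never plaintext.
$config = [
    'username' => 'admin',
    'password' => password_hash('constructed-sample-password', PASSWORD_DEFAULT),
];

// Login check: password_verify() reads the algorithm and salt embedded in the
// stored hash and compares in constant time, so the config file reveals no
// reusable secret even if it leaks.
function login_ok(array $config, string $user, string $pass): bool {
    return hash_equals($config['username'], $user)
        && password_verify($pass, $config['password']);
}

// Weak variant for comparison: an unsalted md5() digest of the password. Anyone
// who obtains the config can test guesses offline very fast, and two users with
// the same password get the same digest.
function login_ok_md5(string $stored_md5, string $pass): bool {
    return hash_equals($stored_md5, md5($pass));
}

// md5() as a cache key: deterministic and fast, and no secret is involved, so
// its broken collision resistance does not matter here. This is the usage the
// final comment describes.
function cache_name(string $path): string {
    return md5($path) . '.jpg';
}

// Audit helper: password_hash() output is self-describing ("$2y$", "$argon2id$"),
// whereas a bare 32-hex-character string is an md5 digest. Handles both the
// PHP 7.4+ (string|null) and older (int 0) return shapes of password_get_info().
function stored_hash_kind(string $stored): string {
    $algo = password_get_info($stored)['algo'];
    if ($algo !== null && $algo !== 0) {
        return 'password_hash';
    }
    if (preg_match('/^[0-9a-f]{32}$/i', $stored)) {
        return 'md5';
    }
    return 'unknown';
}

var_dump(login_ok($config, 'admin', 'constructed-sample-password'));
var_dump(login_ok($config, 'admin', 'wrong-password'));
echo stored_hash_kind($config['password']), "\n";
echo stored_hash_kind(md5('constructed-sample-password')), "\n";
echo cache_name('photos/2020/holiday.jpg'), "\n";
```

Running `stored_hash_kind()` over a deployed config's password field is a quick way to check which of the two forms an install actually uses.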