by seanw444
1596 days ago
It looks like it links down to the PHP `password_hash` function, and there's this gem in the documentation [0]:

> If your pepper contains 128 bits of entropy, and so long as hmac-sha256 remains secure (even MD5 is technically secure for use in hmac: only its collision resistance is broken, but of course nobody would use MD5 because more and more flaws are found)...

Which means whoever developed this file photo app may have read this clear shot at MD5, and still used it anyways. That's kinda funny.

[0] https://www.php.net/manual/en/function.password-hash.php