New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

建议替换 MD5 为更安全的哈希算法 #7785

Open

4 tasks done

kexinoh opened this issue Jan 6, 2025 · 0 comments

Open

4 tasks done

建议替换 MD5 为更安全的哈希算法 #7785

kexinoh opened this issue Jan 6, 2025 · 0 comments

Labels

kexinoh commented Jan 6, 2025

Please make sure of the following things

I have read the documentation.
I'm sure there are no duplicate issues or discussions.
I'm sure this feature is not implemented.
I'm sure it's a reasonable and popular requirement.

Description of the feature / 需求描述

当前代码在 Digest 认证过程中使用了 MD5 进行哈希计算。MD5 已被认为是不安全的哈希算法，不适合用于安全敏感的场景。

Suggested solution / 实现思路

为了提高认证过程的安全性，建议将 MD5 替换为更安全的哈希算法，例如 SHA-256 或 SHA-3。

相关文件地址：
https://github.com/AlistGo/alist/blob/687124c81d8256ea202689fbca019d6fcffb10af/pkg/gowebdav/digestAuth.go

建议的解决方案：

将 getMD5 函数及相关代码中的 MD5 替换为 SHA-256 或 SHA-3。

更新 algorithm 字段的处理逻辑，以支持新的哈希算法。

此改动将提升 Digest 认证机制的安全性。

Additional context / 附件

No response

kexinoh added the enhancement label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment