Upgrade hashing algorithm

(5 posts) (3 voices)
  1. nsepetys, Member

    Hello myDBR Representative,

    How are you doing? It was announced today that research between the CWI Institute and Google found the first official SHA-1 collision. In light of this I would like to request that the hashing algorithm for report URLs be updated to one of the later SHA encrypting standards (like the recommended SHA-256). As always, I appreciate your guys' willingness and quick response to meet industry standards in security.

    Sincerely,
    Noah

  2. myDBR Team, Key Master

    Noah,
    we can add a configuration option for the hashing algorithm. It may require some easy changes from the user's side as the URLs and implementations (Single Sign-On) will change when the algorithm is changed.

    --
    myDBR Team

  3. erasmussen, Member

    I see that there are several settings in the defaults.php file under the hashing_algorithm array, including sso, automatic_parameter_session_id, and default, and I am aware that to override those I should put my custom values into the user/defaults.php file. Where can I find documentation on the other available hashing algorithms?

  4. myDBR Team, Key Master

    The $mydbr_defaults['hashing_algorithm'] array defines the hashing algorithms in use:

    • sso - What algorithm is used in Single Sign-On protocol
    • automatic_parameter_session_id - What algorithm is used for automatic parameter inSessionIDHash
    • default - Other use (report URLs, other use)

    The hashing algorithm available depends on your PHP version. You can check the available algorithms with hash_algos() PHP function.

    You can change the algorithm from the default SHA1 by defining one in user/defaults.php. However, it would need some serious computational power to brute force even SHA1.

    $mydbr_defaults['hashing_algorithm']['default'] = 'sha256';

    --
    myDBR Team
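
Added example, not part of the thread and not myDBR's own code: a PHP command-line script that checks chosen values for the three hashing_algorithm keys against hash_algos() on the running PHP build and prints the override lines for user/defaults.php. The choice of sha256 for all three keys and the function name build_overrides are assumptions.

```php
<?php
// Added example, not myDBR code: validate hashing_algorithm overrides
// against the algorithms this PHP build supports before using them.

// Assumed choice: sha256 for all three keys named in the thread.
$wanted = [
    'sso'                            => 'sha256',
    'automatic_parameter_session_id' => 'sha256',
    'default'                        => 'sha256',
];

/**
 * Returns [lines, errors]: config lines for supported algorithms and
 * messages for names that hash_algos() does not list.
 */
function build_overrides(array $wanted): array
{
    $available = hash_algos();
    $lines = [];
    $errors = [];
    foreach ($wanted as $key => $algo) {
        $algo = strtolower($algo);
        if (!in_array($algo, $available, true)) {
            $errors[] = "$key: '$algo' is not in hash_algos() on PHP " . PHP_VERSION;
            continue;
        }
        // Hex digest length differs per algorithm (sha1: 40, sha256: 64),
        // which is one visible way URLs and SSO hashes change with the setting.
        $len = strlen(hash($algo, ''));
        $lines[] = sprintf(
            "\$mydbr_defaults['hashing_algorithm']['%s'] = '%s'; // %d hex chars",
            $key, $algo, $len
        );
    }
    return [$lines, $errors];
}

[$lines, $errors] = build_overrides($wanted);
foreach ($errors as $e) {
    fwrite(STDERR, "unsupported: $e\n");
}
echo implode("\n", $lines), "\n";
exit($errors ? 1 : 0);
```

Run it with the same PHP binary that serves myDBR, since the list returned by hash_algos() depends on the PHP version.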

  5. erasmussen, Member

    That's exactly what I needed to know. Thanks!

