Use of weak ciphers #5176
alexxsanya
started this conversation in
General
Use of weak ciphers
#5176
Replies: 1 comment 1 reply
-
|
We simply wrap the underlying firebase-ios-sdk and firebase-android-sdk libraries, while matching the firebase-js-sdk API as much as possible as we do so. Those libraries use an md5 hash for firebase storage files. https://firebase.google.com/docs/reference/js/firebase.storage.FullMetadata#md5hash You'll want to take this up with them, as we will have it as long as they do |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Thank you so much @mikehardy for clarifying this. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello,
First of all, thanks for the good work on this package. We use it in our enterprise app - we love it.
Recently, we scanned for security issues in the app and this came up. This package was found to be using weak ciphers (MD5 and/or SHA1). See below.
The report recommends that one should use stronger ciphers like SHA256. Is this something you plan on looking into in the near future?
Beta Was this translation helpful? Give feedback.
All reactions