# HG changeset patch
# User Mads Kiilerich
# Date 1591902907 -7200
# Node ID 3a12df6cbf3056831e839d734184c76b1e8331c4
# Parent 87de82eb7cb00568f29229da44287dafcfaee055
lib: use sha1 instead of md5 in a couple of places
md5 is dead and should be avoided. In the places changed here, we want to keep using hashes without trivial collisions, but do not expect strong crypto security. sha1 seems like a trivial step up from md5 and without obvious alternatives. It is more expensive than md5, but we can live with that in these places. The remaining few uses of md5() cannot be changed without breaking backwards compatibility or external API.
diff -r 87de82eb7cb0 -r 3a12df6cbf30 kallithea/lib/celerylib/__init__.py
--- a/kallithea/lib/celerylib/__init__.py Mon Jun 08 14:10:13 2020 +0200
+++ b/kallithea/lib/celerylib/__init__.py Thu Jun 11 21:15:07 2020 +0200
@@ -28,7 +28,7 @@
 import logging
 import os
-from hashlib import md5
+from hashlib import sha1
 from decorator import decorator
 from tg import config
@@ -94,7 +94,7 @@
 func_name = str(func.__name__) if hasattr(func, '__name__') else str(func)
 lockkey = 'task_%s.lock' % \
- md5(safe_bytes(func_name + '-' + '-'.join(str(x) for x in params))).hexdigest()
+ sha1(safe_bytes(func_name + '-' + '-'.join(str(x) for x in params))).hexdigest()
 return lockkey
diff -r 87de82eb7cb0 -r 3a12df6cbf30 kallithea/lib/markup_renderer.py
--- a/kallithea/lib/markup_renderer.py Mon Jun 08 14:10:13 2020 +0200
+++ b/kallithea/lib/markup_renderer.py Thu Jun 11 21:15:07 2020 +0200
@@ -74,13 +74,13 @@
 :param text:
 """
- from hashlib import md5
+ from hashlib import sha1
 # Extract pre blocks.
 extractions = {}
 def pre_extraction_callback(matchobj):
- digest = md5(matchobj.group(0)).hexdigest()
+ digest = sha1(matchobj.group(0)).hexdigest()
 extractions[digest] = matchobj.group(0)
 return "{gfm-extraction-%s}" % digest
 pattern = re.compile(r'
.*?
', re.MULTILINE | re.DOTALL)
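Review bot: In `pre_extraction_callback`, `sha1(matchobj.group(0))` hashes the regex match directly, whereas the celerylib hunk in this patch wraps its input in `safe_bytes()` first; if `text` is a `str` here (its type is not visible in the hunk), hashlib will raise `TypeError` on Python 3. Consider `digest = sha1(safe_bytes(matchobj.group(0))).hexdigest()`, assuming `safe_bytes` is importable in this module. Separately, the digest only serves as a placeholder key, and an unkeyed content hash is predictable: input that already contains a `{gfm-extraction-<digest>}` string could presumably be mistaken for a placeholder when the blocks are restored (that code is outside the hunk), so a per-call counter or random token would be a more robust key than any hash. The enclosing function starts and ends outside the hunk.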