changeset 8570:3a12df6cbf30

lib: use sha1 instead of md5 in a couple of places

md5 is dead and should be avoided. In the places changed here, we want to keep using hashes without trivial collisions, but do not expect strong crypto security. sha1 seems like a trivial step up from md5 and without obvious alternatives. It is more expensive than md5, but we can live with that in these places. The remaining few uses of md5() cannot be changed without breaking backwards compatibility or external API.
author Mads Kiilerich <mads@kiilerich.com>
date Thu, 11 Jun 2020 21:15:07 +0200
parents 87de82eb7cb0
children 95ba2e5893f9
files kallithea/lib/celerylib/__init__.py kallithea/lib/markup_renderer.py
diffstat 2 files changed, 4 insertions(+), 4 deletions(-) [+]
--- a/kallithea/lib/celerylib/__init__.py	Mon Jun 08 14:10:13 2020 +0200
+++ b/kallithea/lib/celerylib/__init__.py	Thu Jun 11 21:15:07 2020 +0200
@@ -28,7 +28,7 @@
 
 import logging
 import os
-from hashlib import md5
+from hashlib import sha1
 
 from decorator import decorator
 from tg import config
@@ -94,7 +94,7 @@
     func_name = str(func.__name__) if hasattr(func, '__name__') else str(func)
 
     lockkey = 'task_%s.lock' % \
-        md5(safe_bytes(func_name + '-' + '-'.join(str(x) for x in params))).hexdigest()
+        sha1(safe_bytes(func_name + '-' + '-'.join(str(x) for x in params))).hexdigest()
     return lockkey
 
 
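Review bot: The lock key input is still built by joining `func_name` and the stringified params with `-`, so two different argument lists can produce the same string before any hashing happens (params `('a-b', 'c')` and `('a', 'b-c')`, for example), and moving from md5 to sha1 does not change that. If distinct task invocations must never share a lock, hash an unambiguous encoding instead, e.g. `sha1(safe_bytes(repr((func_name, [str(x) for x in params])))).hexdigest()`. The key format also changes with this commit, so a lock taken under the old md5-derived name will presumably not be seen by code running after the upgrade; that is worth a sentence in the commit message even if it is acceptable for short-lived tasks. The enclosing function starts outside the hunk.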
--- a/kallithea/lib/markup_renderer.py	Mon Jun 08 14:10:13 2020 +0200
+++ b/kallithea/lib/markup_renderer.py	Thu Jun 11 21:15:07 2020 +0200
@@ -74,13 +74,13 @@
 
         :param text:
         """
-        from hashlib import md5
+        from hashlib import sha1
 
         # Extract pre blocks.
         extractions = {}
 
         def pre_extraction_callback(matchobj):
-            digest = md5(matchobj.group(0)).hexdigest()
+            digest = sha1(matchobj.group(0)).hexdigest()
             extractions[digest] = matchobj.group(0)
             return "{gfm-extraction-%s}" % digest
         pattern = re.compile(r'<pre>.*?</pre>', re.MULTILINE | re.DOTALL)
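Review bot: `sha1(matchobj.group(0))` hashes the match text directly, whereas the other call site changed in this commit wraps its input in `safe_bytes(...)`; with the str pattern compiled on the last line of the hunk, `group(0)` is a str under Python 3 and hashlib raises TypeError for it. If this path is still reachable, use `digest = sha1(safe_bytes(matchobj.group(0))).hexdigest()`, assuming `safe_bytes` can be imported in this module. The digest is only a placeholder key for `extractions`, and because it is derived from the content, input that already contains a literal `{gfm-extraction-<digest>}` string would presumably be substituted when the blocks are put back; a per-render counter or random token would avoid relying on a hash here at all. The method starts and ends outside the hunk, so the reinsertion step is not visible.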