Skip to content
This repository was archived by the owner on Jan 13, 2023. It is now read-only.
This repository was archived by the owner on Jan 13, 2023. It is now read-only.

Secure Random & Better Hashing Algorithm Support #186

Open
Open
Secure Random & Better Hashing Algorithm Support#186
Assignees
TheDGOfficial
Labels
priority: highA high priority issue or pull requeststate: investigatingSomething needs extra investigationtype: enhancementNew feature or request
Milestone
2.2.18
@TheDGOfficial

Description

@TheDGOfficial
TheDGOfficial
opened on Nov 7, 2020

Is your feature request related to a problem? Please describe.
Generating randomness with the random source of new java.util.Random() is not secure. MD5 or SHA-256 as a hashing algorithm is also not secure.

Describe the solution you'd like
It should be kept like that for compatibility reasons and the performance penalty of new java.security.SecureRandom(), but there should be a config option to switch over to new java.security.SecureRandom().

For the hashing; the default hashing algorithm should also be kept like that, but there should be warnings and a config option to switch over to a new algorithm, like Argon2 (for auth scripts, resource intensive and may be hard to implement but it will be secure)

Describe alternatives you've considered
N/A

Additional information
N/A

Metadata

Metadata

Assignees

Labels

priority: highA high priority issue or pull requeststate: investigatingSomething needs extra investigationtype: enhancementNew feature or request

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions