diff options
| author | Linus Jahn <lnj@kaidan.im> | 2022-08-31 16:50:11 +0200 |
|---|---|---|
| committer | Linus Jahn <lnj@kaidan.im> | 2022-08-31 16:52:18 +0200 |
| commit | 6bd74d69ddbf68871fdcb8a2705298e350056208 (patch) | |
| tree | 854bea3d9316de01ded663915c374f75066655a3 /src/base/QXmppBitsOfBinaryContentId.cpp | |
| parent | 54e3c950100319382c79d06357647255cb196ca0 (diff) | |
| download | qxmpp-6bd74d69ddbf68871fdcb8a2705298e350056208.tar.gz | |
BobContentId: Improve security warning about SHA-1
Diffstat (limited to 'src/base/QXmppBitsOfBinaryContentId.cpp')
| -rw-r--r-- | src/base/QXmppBitsOfBinaryContentId.cpp | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/base/QXmppBitsOfBinaryContentId.cpp b/src/base/QXmppBitsOfBinaryContentId.cpp index 4a599c2d..877e08f7 100644 --- a/src/base/QXmppBitsOfBinaryContentId.cpp +++ b/src/base/QXmppBitsOfBinaryContentId.cpp @@ -60,6 +60,10 @@ QXmppBitsOfBinaryContentIdPrivate::QXmppBitsOfBinaryContentIdPrivate() /// * SHA-3 (SHA3-224, SHA3-256, SHA3-384, SHA3-512) /// * BLAKE2 (BLAKE2b256, BLAKE2b512) (requires Qt 6, since QXmpp 1.5) /// +/// \note Security notice: When using the content IDs to cache data between multiple entities it is +/// important to avoid hash collisions. SHA-1 cannot fulfill this requirement. You SHOULD use +/// another more secure hash algorithm if you do this. +/// /// \since QXmpp 1.2 /// @@ -200,8 +204,6 @@ QCryptographicHash::Algorithm QXmppBitsOfBinaryContentId::algorithm() const /// /// \note Only change this, if you know what you do. The XEP allows other /// hashing algorithms than SHA-1 to be used, but not all clients support this. -/// Since in most cases the content id is not security relevant it is not a -/// problem to continue using SHA-1. /// void QXmppBitsOfBinaryContentId::setAlgorithm(QCryptographicHash::Algorithm algo) { |