The Wayback Machine - https://web.archive.org/web/20200915122704/https://github.com/SDWebImage/SDWebImage/pull/3069
Skip to content

/ SDWebImage

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP: 6.0 version change file name hash function from md5 to sha256 #3069

Open
wants to merge 2 commits into
base: master
from
Open

WIP: 6.0 version change file name hash function from md5 to sha256 #3069

wants to merge 2 commits into from
+5 −5

Conversation

@Insofan
Copy link
Member

Insofan commented Aug 12, 2020

New Pull Request Checklist

  • I have read and understood the CONTRIBUTING guide

  • I have read the Documentation

  • I have searched for a similar pull request in the project and found none

  • I have updated this branch with the latest master to avoid conflicts (via merge from master or rebase)

  • I have added the required tests to prove the fix/feature I am adding

  • I have updated the documentation (if necessary)

  • I have run the tests and they pass

  • I have run the lint and it passes (pod lib lint)

This merge request fixes / refers to the following issues: ...

Pull Request Description

Change file name hash function from md5 to sha1 (reference issue). Has run test31CachePathForAnyKey and test32CachePathForNilKey.
@Insofan
feat: change file name hash function from md5 to sha1
Loading status checks…
f209c94
@Insofan Insofan changed the title WIP: change file name hash function from md5 to sha1 WIP: 6.0 version change file name hash function from md5 to sha1 Aug 12, 2020
@codecov
Copy link

codecov bot commented Aug 12, 2020
edited

Codecov Report

Merging #3069 into master will decrease coverage by 0.45%.
The diff coverage is 42.52%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #3069      +/-   ##
==========================================
- Coverage   83.57%   83.12%   -0.46%     
==========================================
  Files          69       70       +1     
  Lines        7605     7609       +4     
==========================================
- Hits         6356     6325      -31     
- Misses       1249     1284      +35
Flag Coverage Δ
#ios 83.16% <44.73%> (-0.40%) ⬇️
#macos 82.74% <28.73%> (-0.72%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
SDWebImage/Core/NSData+ImageContentType.m 79.09% <ø> (-0.19%) ⬇️
SDWebImage/Core/SDImageAWebPCoder.m 0.00% <0.00%> (ø)
SDWebImage/Core/SDAnimatedImageRep.m 80.51% <20.00%> (-9.04%) ⬇️
SDWebImage/Core/SDImageHEICCoder.m 81.13% <50.00%> (+1.33%) ⬆️
SDWebImage/Core/SDImageIOAnimatedCoder.m 85.74% <91.66%> (+0.35%) ⬆️
SDWebImage/Core/SDDiskCache.m 87.98% <100.00%> (ø)
SDWebImage/Core/SDImageIOCoder.m 88.70% <100.00%> (-0.25%) ⬇️
...DWebImage/Private/SDImageIOAnimatedCoderInternal.h 100.00% <100.00%> (ø)
... and 1 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 40023d5...09fe00c. Read the comment docs.
@jonthanon
Copy link

jonthanon commented Aug 12, 2020

SHA1 was broken too in 2017, so unfortunately it's insecure as well. The recommendation I'm seeing around is to go to SHA256.
@Insofan
mod: disk filename hash function to sha 256
Loading status checks…
09fe00c
@Insofan Insofan changed the title WIP: 6.0 version change file name hash function from md5 to sha1 WIP: 6.0 version change file name hash function from md5 to sha256 Aug 13, 2020
@Insofan
Copy link
Member Author

Insofan commented Aug 13, 2020

SHA1 was broken too in 2017, so unfortunately it's insecure as well. The recommendation I'm seeing around is to go to SHA256.

From my opinion encrypt file name didn't protect any thing, maybe just helpful for some company's security test. It only just a hash function for generate disk filename, not any cryptographic.
@dreampiggy dreampiggy added this to the 6.0.0 milestone Aug 27, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
6.0.0
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
@Insofan @jonthanon @dreampiggy
You can’t perform that action at this time.