Improves/size #357

hundredark · 2024-09-25T01:49:53Z

No description provided.

src/client/utils/uniq.ts

-  md5.update(minId);
-  md5.update(maxId);
-  const bytes = Buffer.from(md5.digest().bytes(), 'binary');
+  const res = md5(minId + maxId);


To fix the problem, we should replace the use of the MD5 hashing algorithm with a stronger, modern cryptographic hash function. In this case, we can use SHA-256, which is a secure and widely recommended hash function.

Replace the MD5 hash function with SHA-256 in the uniqueConversationID function.

Ensure that the rest of the code remains unchanged and continues to function as expected.

test/forge.test.ts

+const forgeUniqueConversationID = (userID: string, recipientID: string): string => {
+  const [minId, maxId] = [userID, recipientID].sort();
+  const md5 = md.md5.create();
+  md5.update(minId);


To fix the problem, we need to replace the MD5 hashing algorithm with a stronger alternative, such as SHA-256. This involves changing the creation and usage of the hash object from MD5 to SHA-256. Specifically, we will:

Replace md.md5.create() with md.sha256.create().

Ensure that the rest of the code that uses the hash object remains compatible with the new algorithm.

test/forge.test.ts

+  const [minId, maxId] = [userID, recipientID].sort();
+  const md5 = md.md5.create();
+  md5.update(minId);
+  md5.update(maxId);


To fix the problem, we should replace the MD5 hashing algorithm with a stronger alternative, such as SHA-256. This change will ensure that the hashing process is more secure and resistant to collision attacks.

General Fix: Replace the MD5 hashing algorithm with SHA-256.

Detailed Fix: Modify the forgeUniqueConversationID function to use SHA-256 instead of MD5. This involves changing the instantiation of the hash object and updating the relevant method calls.

Specific Changes:

Update the import statement to include SHA-256 if not already imported.

Replace md.md5.create() with md.sha256.create().

Ensure that the rest of the code in the function is compatible with the new hash object.

hundredark added 12 commits August 26, 2024 19:41

Improve import

278a761

update packges

402a2ee

Replace some forge usage

ef3d1d7

Merge branch 'main' into improves/size

897335f

Remove more funcs

a92ffe9

Fix crypto

ce4d9e6

Remove node-forge methods

6dfb8d1

Fix crypto when test

b36c7b4

Remove qs

018d608

Improve type import

bf2fbb6

Remove buffer

5f2a02a

Fix size-limit plugin

3446f29

github-advanced-security bot found potential problems Sep 25, 2024

View reviewed changes

hundredark added 2 commits September 25, 2024 09:58

Fix pakage-lock.json

c0c08a7

Revert ky

4a764ed

hundredark force-pushed the improves/size branch from 2b8b0e3 to 4a764ed Compare September 26, 2024 09:02

Merge branch 'main' into improves/size

6cfe808

hundredark marked this pull request as ready for review September 26, 2024 09:09

Isolate blaze client

6a0261a

crossle merged commit c71b7c4 into main Sep 26, 2024
4 of 5 checks passed

crossle deleted the improves/size branch September 26, 2024 09:36

@@ -16,4 +16,4 @@
               const [minId, maxId] = [userID, recipientID].sort();
-              const res = md5(minId + maxId);
-              const bytes = Buffer.from(res, 'hex');
+              const res = sha256.create().update(minId + maxId).digest();
+              const bytes = Buffer.from(res);

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Improves/size #357

Improves/size #357

hundredark commented Sep 25, 2024

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.