This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests are now tracked at the
issue tracker at Github
FS#2794 Replace simple MD5 hashing security with HMAC based one
According to the discussion at
we should replace hashes used as secret checksum security mechanism with a HMAC implementation.
PurePHP version of HMAC
reitereates the point that, md5 and sha1 hashing are not good enough for signature building.
that dont-hash-secrets points to using HMAC is good, so we are on right track! :)