Audit: Ensure SHA-1 is not used for sensitive or security-relevant actions within Chrome |
|
Issue descriptionAs we move to distrust SHA-1 certificates, we should be carefully examining any other uses of SHA-1 within the codebase that may have security-relevance, and updating as appropriate. Possible actions: - If a cryptographic hash is not required, switch to another appropriate hash that is better for performance (e.g. city/murmur or even std::hash) - If a cryptographic hash is desired for security, switch to SHA-256 |
|
►
Sign in to add a comment |
|
Comment 1 by rsleevi@chromium.org
, Jun 8 2016