esapi-java-legacy icon indicating copy to clipboard operation
esapi-java-legacy copied to clipboard

Published 20 hours ago verified publisher icon ESAPI

Fix code scanning alert - Use of a broken or risky cryptographic algorithm - HMacSHA1

Open kwwall opened this issue 2 years ago • 2 comments

This is a false positive. SHA-1 is a risky algorithm, but not when it is used as an HMac. Need to report this to GitHub. Nothing to fix here, but recording an issue so I (@kwwall ) remember to report it against the code scanning software.

Tracking issue for:

  • [ ] https://github.com/ESAPI/esapi-java-legacy/security/code-scanning/1

kwwall avatar Jan 10 '22 04:01 kwwall