cryptochecktool
Dear Open Source Project Maintainer, cryptocheck tool has detected the use of MD5 and SHA-1 hash functions within the project. The following security advisory is provided: MD5 and SHA-1 are...
The current implementation of generate_hash_id_from_traceback uses MD5 for hashing. Please update the function to use SHA256 for improved security and collision resistance. Code at: https://github.com/census-instrumentation/opencensus-python/blob/2e0710bf9ef733f29607418e51f0719422155361/opencensus/trace/stack_trace.py#L184
We have found that you are using ECB mode for AES encryption, which can lead to message information leakage and does not comply with cryptographic standards. Please use CBC or...
At the location https://github.com/gevorg/htpasswd/blob/master/src/utils.js#L53C1-L54C45, the encryption of the salt with salt = bcrypt.genSaltSync(cost) should have a loop count of at least 10 to ensure sufficient security.
In your code: [https://github.com/mirror/jdownloader/blob/f274b29897aad2e0ff0d4fd148e42aadf8b622fa/src/org/jdownloader/container/D.java #L322](https://github.com/agnitas-org/openemm/blob/990440c53869d3151a86f54b7f30a96a930f4e4d/frontend/src/java/com/agnitas/emm/core/commons/encrypt/ProfileFieldEncryptor.java#L177) Use IV=key. But the IV should be set to a sufficiently random number, otherwise it will lead to a CPA attack. If IV=key, then CCA attacks...