This bundle uses `sha256` as the default hashing algorithm for signed cookies:

```php
->scalarNode('hash_algo')->defaultValue('sha256')->end()
```
This might no longer be safe enough: https://en.wikipedia.org/wiki/SHA-2#Comparison_of_SHA_functions
Maybe we can move to sha3-256 or higher, which is also supported by PHP? https://www.php.net/manual/en/function.hash-algos.php
Referenced code: NelmioSecurityBundle/src/DependencyInjection/Configuration.php, line 255 in 93f8009
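What a change of `hash_algo` means for cookies that are already issued, as an added example that is not part of the original issue and not the bundle's own code: a stand-alone HMAC signer that issues with `sha3-256` and still accepts `sha256` signatures during a transition. The class name, the `.` separator, the secret and the sample cookie are hypothetical; it assumes PHP 8.0 or later.

```php
<?php
// Hypothetical stand-alone signer for illustration, not NelmioSecurityBundle's class.
final class MigratingCookieSigner
{
    private const SEPARATOR = '.'; // assumed separator between value and MAC

    /** @param string[] $legacyAlgos algorithms still accepted when verifying */
    public function __construct(
        private string $secret,
        private string $algo = 'sha3-256',
        private array $legacyAlgos = ['sha256'],
    ) {
        foreach ([$algo, ...$legacyAlgos] as $a) {
            // hash_hmac_algos() lists only the algorithms usable with hash_hmac().
            if (!in_array($a, hash_hmac_algos(), true)) {
                throw new InvalidArgumentException("Unsupported HMAC algorithm: $a");
            }
        }
    }

    public function sign(string $value): string
    {
        return $value . self::SEPARATOR . hash_hmac($this->algo, $value, $this->secret);
    }

    /** Returns the value if the MAC matches under an accepted algorithm, else null. */
    public function verify(string $signed): ?string
    {
        $pos = strrpos($signed, self::SEPARATOR);
        if ($pos === false) {
            return null;
        }
        [$value, $mac] = [substr($signed, 0, $pos), substr($signed, $pos + 1)];
        foreach ([$this->algo, ...$this->legacyAlgos] as $a) {
            // hash_equals() compares in constant time.
            if (hash_equals(hash_hmac($a, $value, $this->secret), $mac)) {
                return $value;
            }
        }
        return null;
    }
}

// Constructed sample data: a cookie signed before the algorithm change.
$secret = 'constructed-test-secret';
$old = 'user=42.' . hash_hmac('sha256', 'user=42', $secret);
var_dump((new MigratingCookieSigner($secret))->verify($old));                 // sha256 kept as legacy
var_dump((new MigratingCookieSigner($secret, 'sha3-256', []))->verify($old)); // legacy list emptied
```

Without a legacy list, every cookie signed under the previous algorithm fails verification after the switch, so a changed default has to be rolled out with that in mind.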