Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-93838

Consider SHA-1 algorithm deprecated

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: P4: Low P4: Low
    • None
    • 5.15.4, 6.1.0
    • Core: Other
    • None
    • All

      The Qt API (QCryptographicHash) still provides SHA-1 algorithm which was considered deprecated and not secure enough.

      It has been officially deprecated by NIST (National Institute of Standards and Technology) in 2011 and adviced to remove it from products ASAP and move to SHA-2 or SHA-3 instead. Also all browsers no longer accept SHA-1 SSL certificates and Microsoft discontinued SHA-1 code signing in 2020.

      Therefore, this algorithm should be also considered as deprecated in Qt and users should be adviced to use something else instead.

       

       

        For Gerrit Dashboard: QTBUG-93838
        # Subject Branch Project Status CR V
        350476,3 Attributions: Don't mention QT_CRYPTOGRAPHICHASH_ONLY_SHA1 dev qt/qtbase Status: MERGED +2 0
        630352,3 QOpenGLProgramBinaryCache: use MD5 instead of Sha1 dev qt/qtbase Status: ABANDONED -1 0

            thiago Thiago Macieira
            jgrulich Jan Grulich
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:

                There are no open Gerrit changes