Details
-
Bug
-
Resolution: Unresolved
-
P4: Low
-
None
-
5.15.4, 6.1.0
-
None
Description
The Qt API (QCryptographicHash) still provides SHA-1 algorithm which was considered deprecated and not secure enough.
It has been officially deprecated by NIST (National Institute of Standards and Technology) in 2011 and adviced to remove it from products ASAP and move to SHA-2 or SHA-3 instead. Also all browsers no longer accept SHA-1 SSL certificates and Microsoft discontinued SHA-1 code signing in 2020.
Therefore, this algorithm should be also considered as deprecated in Qt and users should be adviced to use something else instead.
Attachments
Gerrit Reviews
For Gerrit Dashboard: QTBUG-93838 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
350476,3 | Attributions: Don't mention QT_CRYPTOGRAPHICHASH_ONLY_SHA1 | dev | qt/qtbase | Status: MERGED | +2 | 0 |