Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[question]: Security Concern: Use of SHA1/MD5 #1546

Open
1 task done
remithaunay opened this issue Feb 26, 2025 · 3 comments
Open
1 task done

[question]: Security Concern: Use of SHA1/MD5 #1546

remithaunay opened this issue Feb 26, 2025 · 3 comments

Comments

@remithaunay
Copy link

remithaunay commented Feb 26, 2025
edited by github-actions bot
Loading

How can we help?

Hello,

SHA1 and MD5 are considered weak cryptographic algorithms, and a recent penetration test revealed their use. Upon investigation, it appears they are used in the OneSignal-iOS-SDK.

Could you clarify how these algorithms are used and why their usage does not pose a security risk?

Thanks!

Code of Conduct

  • I agree to follow this project's Code of Conduct
@nan-li
Copy link
Contributor

nan-li commented Feb 27, 2025

Hi @remithaunay, can you share where the usages are that you are concerned about?

@remithaunay
Copy link
Author

Hello, these are the usages

https://github.com/search?q=repo%3AOneSignal%2FOneSignal-iOS-SDK%20CC_SHA1&type=code
https://github.com/search?q=repo%3AOneSignal%2FOneSignal-iOS-SDK+CC_MD5&type=code

@nan-li
Copy link
Contributor

nan-li commented Mar 3, 2025

Thanks for calling them out - they are leftover APIs in the SDK from the previous major version and are no longer used. We can remove them as they are now dead methods.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nan-li @remithaunay