charleslemaux/Mirror
1
0
Fork 0
mirror of https://github.com/MirrorNetworking/Mirror.git synced 2024-11-18 02:50:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

SHA-1 comments

Browse Source
This commit is contained in:
vis2k 2023-01-26 01:41:34 +09:00
parent 01d0ae1a6b
commit 5802fec712
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Assets/Mirror/Transports/SimpleWeb/Client/StandAlone/ClientHandshake.cs
View File

@ -28,8 +28,8 @@ public bool TryHandshake(Connection conn, Uri uri)
byte[] keySumBytes = Encoding.ASCII.GetBytes(keySum);
Log.Verbose($"[SimpleWebTransport] Handshake Hashing {Encoding.ASCII.GetString(keySumBytes)}");
// SHA1 is the websocket standard:
// https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API/Writing_WebSocket_servers#server_handshake_response
// SHA-1 is the websocket standard:
// https://www.rfc-editor.org/rfc/rfc6455
// we should follow the standard, even though SHA1 is considered weak:
// https://stackoverflow.com/questions/38038841/why-is-sha-1-considered-insecure
byte[] keySumHash = SHA1.Create().ComputeHash(keySumBytes);

4
Assets/Mirror/Transports/SimpleWeb/Server/ServerHandshake.cs
View File

@ -19,8 +19,8 @@ internal class ServerHandshake
// this isn't an official max, just a reasonable size for a websocket handshake
readonly int maxHttpHeaderSize = 3000;
// SHA1 is the websocket standard:
// https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API/Writing_WebSocket_servers#server_handshake_response
// SHA-1 is the websocket standard:
// https://www.rfc-editor.org/rfc/rfc6455
// we should follow the standard, even though SHA1 is considered weak:
// https://stackoverflow.com/questions/38038841/why-is-sha-1-considered-insecure
readonly SHA1 sha1 = SHA1.Create();