The hasher function in tf_quant_finance/experimental/pricing_platform/framework/utils.py currently uses the MD5 hash algorithm, which is considered insecure for cryptographic purposes due to its vulnerability to collision attacks. While the function is described as returning a "non-cryptographic hash," it would be prudent to replace MD5 with a more secure hash function like SHA-256 to future-proof the code and align with best practices.
Current Code:
```python
def hasher(obj):
  """Returns non-cryptographic hash of a JSON-serializable object."""
  h = hashlib.md5(json.dumps(obj).encode())
  return h.hexdigest()
```
Proposed Change:
Replace hashlib.md5 with hashlib.sha256.
Proposed Code:
```python
def hasher(obj):
  """Returns non-cryptographic hash of a JSON-serializable object."""
  h = hashlib.sha256(json.dumps(obj).encode())
  return h.hexdigest()
```
Location:
utils.py#L20
Justification:
Additional Context:
Conclusion:
Please consider updating the hasher function to use SHA-256 instead of MD5.
Thank you for your attention to this matter.
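An added example, not part of the original issue or the project's code: swapping MD5 for SHA-256 changes every digest and lengthens it from 32 to 64 hex characters, so anything stored or compared under the old digest has to be re-keyed. The `rekey` helper, the digest-keyed store and the sample objects are assumptions made for illustration.

```python
import hashlib
import json


def hasher_md5(obj):
    """Behaviour of the current code: MD5 over json.dumps(obj)."""
    data = json.dumps(obj).encode()
    try:
        # Python 3.9+: mark the call as non-security use (matters on FIPS builds).
        return hashlib.md5(data, usedforsecurity=False).hexdigest()
    except TypeError:  # older Python without the keyword
        return hashlib.md5(data).hexdigest()


def hasher_sha256(obj):
    """Behaviour of the proposed code: SHA-256 over json.dumps(obj)."""
    return hashlib.sha256(json.dumps(obj).encode()).hexdigest()


def rekey(store, objects):
    """Hypothetical helper: move entries from old MD5 keys to SHA-256 keys.

    `store` maps digest -> value; `objects` are the original inputs.
    Returns (new_store, missing); `missing` lists objects whose old
    digest was not present in `store`.
    """
    new_store, missing = {}, []
    for obj in objects:
        old = hasher_md5(obj)
        if old in store:
            new_store[hasher_sha256(obj)] = store[old]
        else:
            missing.append(obj)
    return new_store, missing


# Constructed sample data, not taken from the project.
SAMPLE_OBJECTS = [
    {"currency": "USD", "curve": "OIS"},
    {"currency": "EUR", "curve": "ESTR"},
]
OLD_STORE = {hasher_md5(o): i for i, o in enumerate(SAMPLE_OBJECTS)}

if __name__ == "__main__":
    new_store, missing = rekey(OLD_STORE, SAMPLE_OBJECTS + [{"currency": "JPY"}])
    for digest, value in new_store.items():
        print(len(digest), digest, value)
    print("not found under old digest:", missing)
```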