ConfD User Community

MD5 weak/broken hash algorithm

Hi ,

Devskim erros caught the MD5 hash algorithm and says it is broken hash algorithm .
I have seen this confd_ipc_access.c file .

Any suggestion for replacement for the same ?


Are you using the built in IPC access check? I.e. are your applications using a non-trusted TCP connection to communicate with ConfD?
A simple and better alternative is presented in this application note:

Hi Cohult

Thanks for the reply .

DEvskim tool basically do the code analysis and will identify MD5 keyword in the code which is considered as broken has algorithm and no more secure.

If i want to replace that MD5 code with others , which is the best alternative ?


You can’t replace that MD5 check. You don’t need to include the confd_ipc_access.c file in deployment.

Just make sure that /confdConfig/confdIpcAccessCheck/enabled in your confd.conf (ConfD configuration file) is set to “false”, which is the default setting.

If you need an IPC access check you can, for example, do something like what is described in the application note I gave you a link to under “4. Secure IPC Using stunnel”