Hi On 7/25/24 19:28, Nick Lockheart wrote:
I'm in the process of refactoring an old framework and I just found a use of sha1(). It's being used to generate a unique resource lock. It doesn't need to be secure, just a fast and random UID.
SHA-1 is a deterministic algorithm, thus it is unable to generate a random UID. Whatever this code is doing can most likely be more reliably achieved in a different way.
Best regards Tim Düsterhus
