The MM5 installer is signed using an outdated algorithm [#18179]

Help improve MediaMonkey 5 by testing the latest pre-release builds, and reporting bugs and feature requests.

Moderator: Gurus

TIV73
Posts: 229
Joined: Sat Nov 12, 2011 1:31 pm

The MM5 installer is signed using an outdated algorithm [#18179]

Post by TIV73 »

Hi,
I was waiting for update 5.0.1 to replace MM4 as my main day-to-day music player (congratulations on the release!) and noticed that both the regular and debug installer are signed using sha1 which has been deprecated for https encryption and code signing by all major authorities (including the issuer of the cert used by the MM5 installer) a couple of years ago and is not considered safe anymore.

Please note that the actual certificate itself already uses sha384, it's just applied to the installer using digest algorithm sha1. While that's not a immediate dealbreaker I probably wouldn't call it best practice.
Last edited by TIV73 on Sun Aug 01, 2021 12:19 pm, edited 1 time in total.
Peke
Posts: 17457
Joined: Tue Jun 10, 2003 7:21 pm
Location: Earth
Contact:

Re: The MM5 installer is signed using an outdated algorithm

Post by Peke »

Best regards,
Peke
MediaMonkey Team lead QA/Tech Support guru
Admin of Free MediaMonkey addon Site HappyMonkeying
Image
Image
Image
How to attach PICTURE/SCREENSHOTS to forum posts
Post Reply