From c762878fd037c0b0fa4557a4d858faa2c0c44c94 Mon Sep 17 00:00:00 2001 From: TimShererWithAquent Date: Fri, 2 Aug 2019 10:31:38 -0700 Subject: [PATCH 1/4] Updates re MD5/SHA1 usage. --- .../BaseReference.xml | 2 +- .../HashAlgorithmType.xml | 6 +++--- xml/System.CodeDom/CodeChecksumPragma.xml | 2 +- .../AssemblyHashAlgorithm.xml | 2 +- .../PackageDigitalSignatureManager.xml | 8 ++++++-- .../InMemorySymmetricSecurityKey.xml | 4 +++- .../SecurityAlgorithms.xml | 8 ++++---- .../SymmetricSecurityKey.xml | 2 ++ .../X509AsymmetricSecurityKey.xml | 18 +++++++++++++----- .../RsaEncryptionCookieTransform.xml | 4 +++- .../RsaSignatureCookieTransform.xml | 4 +++- .../DefaultPropertiesToSend.xml | 4 +++- xml/System.Messaging/Message.xml | 4 +++- .../HttpContentHeaders.xml | 2 +- xml/System.Net/HttpRequestHeader.xml | 2 +- xml/System.Net/HttpResponseHeader.xml | 2 +- .../AssemblyHashAlgorithm.xml | 4 ++-- .../HashAlgorithmType.xml | 4 ++-- xml/System.Security.Policy/Hash.xml | 16 +++++++++++----- .../Basic192SecurityAlgorithmSuite.xml | 6 +++--- .../Basic256SecurityAlgorithmSuite.xml | 6 +++--- .../SecurityKeyEntropyMode.xml | 2 +- .../TripleDesSecurityAlgorithmSuite.xml | 6 +++--- .../MsmqSecureHashAlgorithm.xml | 4 ++-- .../MsmqTransportSecurity.xml | 2 ++ 25 files changed, 78 insertions(+), 46 deletions(-) diff --git a/xml/Microsoft.Build.Tasks.Deployment.ManifestUtilities/BaseReference.xml b/xml/Microsoft.Build.Tasks.Deployment.ManifestUtilities/BaseReference.xml index d58b21a96b0..b278b77dbdf 100644 --- a/xml/Microsoft.Build.Tasks.Deployment.ManifestUtilities/BaseReference.xml +++ b/xml/Microsoft.Build.Tasks.Deployment.ManifestUtilities/BaseReference.xml @@ -148,7 +148,7 @@ Gets or sets the SHA1 hash of the file. A string indicating the SHA1 hash of the file. - To be added. + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. diff --git a/xml/Mono.Security.Interface/HashAlgorithmType.xml b/xml/Mono.Security.Interface/HashAlgorithmType.xml index 00ab5806d47..011882344e1 100644 --- a/xml/Mono.Security.Interface/HashAlgorithmType.xml +++ b/xml/Mono.Security.Interface/HashAlgorithmType.xml @@ -34,7 +34,7 @@ 1 - To be added. + Due to collision problems with MD5, Microsoft recommends SHA256 or better. @@ -54,7 +54,7 @@ 254 - To be added. + Due to collision problems with SHA1, Microsoft recommends SHA256 or better. @@ -94,7 +94,7 @@ 2 - To be added. + Due to collision problems with SHA1, Microsoft recommends SHA256 or better. diff --git a/xml/System.CodeDom/CodeChecksumPragma.xml b/xml/System.CodeDom/CodeChecksumPragma.xml index 879565cc118..66b31223fc5 100644 --- a/xml/System.CodeDom/CodeChecksumPragma.xml +++ b/xml/System.CodeDom/CodeChecksumPragma.xml @@ -192,7 +192,7 @@ The calculation of the checksum is language-specific. That is, the language vendor can use any of the hashing algorithms known to the debugger to calculate the checksum. The use of a GUID for this property provides hash algorithm extensibility. - + Due to collision problems with SHA1 and MD5, Microsoft recommends a security model based on SHA256 or better. ## Examples The following code example shows the setting of the property. This code example is part of a larger example provided for the class. diff --git a/xml/System.Configuration.Assemblies/AssemblyHashAlgorithm.xml b/xml/System.Configuration.Assemblies/AssemblyHashAlgorithm.xml index f72a80ac9d7..42cb2db0ed9 100644 --- a/xml/System.Configuration.Assemblies/AssemblyHashAlgorithm.xml +++ b/xml/System.Configuration.Assemblies/AssemblyHashAlgorithm.xml @@ -122,7 +122,7 @@ 0 - A mask indicating that there is no hash algorithm. If you specify for a multi-module assembly, the common language runtime defaults to the SHA1 algorithm, since multi-module assemblies need to generate a hash. + A mask indicating that there is no hash algorithm. If you specify for a multi-module assembly, the common language runtime defaults to the SHA1 algorithm, since multi-module assemblies need to generate a hash. Due to collision problems with SHA1, Microsoft recommends SHA256. diff --git a/xml/System.IO.Packaging/PackageDigitalSignatureManager.xml b/xml/System.IO.Packaging/PackageDigitalSignatureManager.xml index 3f75e1ae4ca..06a8551542c 100644 --- a/xml/System.IO.Packaging/PackageDigitalSignatureManager.xml +++ b/xml/System.IO.Packaging/PackageDigitalSignatureManager.xml @@ -257,7 +257,9 @@ The property gets or sets the actual hash algorithm this is used to create and verify signatures. The property is typically used to reset the property back to default after a temporary change. - + + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. + ]]> @@ -324,7 +326,9 @@ Unless explicitly set otherwise, this property gets the same value as . The property is typically not changed from its default. This property must be changed only if a signature that uses a different known and accessible is encountered. When finished with the signature that uses a different hash algorithm, call to reset the property back to default. - + + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. + ]]> The string for the [!INCLUDE[TLA2#tla_uri](~/includes/tla2sharptla-uri-md.md)] to set is . diff --git a/xml/System.IdentityModel.Tokens/InMemorySymmetricSecurityKey.xml b/xml/System.IdentityModel.Tokens/InMemorySymmetricSecurityKey.xml index ff2a2fde253..98033291b6d 100644 --- a/xml/System.IdentityModel.Tokens/InMemorySymmetricSecurityKey.xml +++ b/xml/System.IdentityModel.Tokens/InMemorySymmetricSecurityKey.xml @@ -219,7 +219,9 @@ ## Remarks To specify P-SHA1 as the cryptographic algorithm, use the field. - + + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. + ]]> diff --git a/xml/System.IdentityModel.Tokens/SecurityAlgorithms.xml b/xml/System.IdentityModel.Tokens/SecurityAlgorithms.xml index 2eed041e4b8..d63efa814aa 100644 --- a/xml/System.IdentityModel.Tokens/SecurityAlgorithms.xml +++ b/xml/System.IdentityModel.Tokens/SecurityAlgorithms.xml @@ -289,7 +289,7 @@ Represents the P-SHA1 key generation algorithm. This field is constant. - To be added. + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. @@ -310,7 +310,7 @@ Represents the December 2007 version of the P-SHA1 key generation algorithm. This field is constant. - To be added. + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. @@ -373,7 +373,7 @@ Specifies a URI that points to the RSA-SHA1 cryptographic algorithm for digitally signing XML. This field is constant. - To be added. + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. @@ -436,7 +436,7 @@ Specifies a URI that points to the 160-bit SHA-1 digest algorithm. This field is constant. - To be added. + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. diff --git a/xml/System.IdentityModel.Tokens/SymmetricSecurityKey.xml b/xml/System.IdentityModel.Tokens/SymmetricSecurityKey.xml index 1a6c3d7272f..ce808b665d8 100644 --- a/xml/System.IdentityModel.Tokens/SymmetricSecurityKey.xml +++ b/xml/System.IdentityModel.Tokens/SymmetricSecurityKey.xml @@ -80,6 +80,8 @@ ## Remarks To specify P-SHA1 as the cryptographic algorithm, use the field. + + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. ]]> diff --git a/xml/System.IdentityModel.Tokens/X509AsymmetricSecurityKey.xml b/xml/System.IdentityModel.Tokens/X509AsymmetricSecurityKey.xml index df8a4b0d0b7..183e89d520a 100644 --- a/xml/System.IdentityModel.Tokens/X509AsymmetricSecurityKey.xml +++ b/xml/System.IdentityModel.Tokens/X509AsymmetricSecurityKey.xml @@ -162,7 +162,9 @@ ## Remarks Use the , , , or fields to specify the `algorithm` parameter. - + + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. + ]]> @@ -209,7 +211,9 @@ ## Remarks Use the , or fields to specify the `algorithm` parameter. - + + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. + ]]> @@ -289,7 +293,9 @@ ## Remarks Use the , or fields to specify the `algorithm` parameter. - + + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. + ]]> The X.509 certificate specified in the constructor does not have a private key. @@ -357,7 +363,7 @@ Gets a value that indicates whether the specified algorithm uses asymmetric keys. when the specified algorithm is , , , , or ; otherwise, . - To be added. + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. @@ -393,7 +399,9 @@ - The `algorithm` parameter is and the public key for the X.509 certificate specified in the constructor is of type . - The `algorithm` parameter is , , or and the public key for the X.509 certificate specified in the constructor is of type . - + +Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. + ]]> diff --git a/xml/System.IdentityModel/RsaEncryptionCookieTransform.xml b/xml/System.IdentityModel/RsaEncryptionCookieTransform.xml index 3b2e17b9f61..11e997c4122 100644 --- a/xml/System.IdentityModel/RsaEncryptionCookieTransform.xml +++ b/xml/System.IdentityModel/RsaEncryptionCookieTransform.xml @@ -228,7 +228,9 @@ ## Remarks SHA256 is the default algorithm. This may require a minimum platform of Windows Server 2003 and .NET 3.5 SP1. - If SHA256 is not supported, set the property to "SHA1". + If SHA256 is not supported, set the property to "SHA1". + + Due to collision problems with SHA1, Microsoft recommends SHA256 or better. ]]> diff --git a/xml/System.IdentityModel/RsaSignatureCookieTransform.xml b/xml/System.IdentityModel/RsaSignatureCookieTransform.xml index 6cfa2519b76..ce63ebd446f 100644 --- a/xml/System.IdentityModel/RsaSignatureCookieTransform.xml +++ b/xml/System.IdentityModel/RsaSignatureCookieTransform.xml @@ -219,7 +219,9 @@ SHA256 is the default algorithm. This may require a minimum operating system of [!INCLUDE[winxpsvr](~/includes/winxpsvr-md.md)] and .NET 3.5 SP1. If SHA256 is not supported, set the property to "SHA1". - + + Due to collision problems with SHA1, Microsoft recommends SHA256 or better. + ]]> diff --git a/xml/System.Messaging/DefaultPropertiesToSend.xml b/xml/System.Messaging/DefaultPropertiesToSend.xml index 1c15e65039e..44a94850221 100644 --- a/xml/System.Messaging/DefaultPropertiesToSend.xml +++ b/xml/System.Messaging/DefaultPropertiesToSend.xml @@ -432,7 +432,9 @@ myMessageQueue.DefaultPropertiesToSend.Label = "myLabel"; The property identifies the hashing algorithm Message Queuing uses when authenticating messages or when creating a digital signature for a message. Message Queuing on the source computer uses the hashing algorithm when creating a digital signature for a message. The target Queue Manager then uses the same hashing algorithm to authenticate the message when it is received. - + + Due to collision problems with MD5, Microsoft recommends SHA256. + ]]> diff --git a/xml/System.Messaging/Message.xml b/xml/System.Messaging/Message.xml index 6ce5b7e64b6..12479ef6a67 100644 --- a/xml/System.Messaging/Message.xml +++ b/xml/System.Messaging/Message.xml @@ -1523,7 +1523,9 @@ if (myObject is float) { ## Remarks On the source computer, Message Queuing uses the hashing algorithm when creating a digital signature for a message. The target Queue Manager then uses the same hashing algorithm to authenticate the message when it is received. - + + Due to collision problems with MD5 and SHA1, Microsoft recommends SHA256. + ]]> The message queue is filtered to ignore the property. diff --git a/xml/System.Net.Http.Headers/HttpContentHeaders.xml b/xml/System.Net.Http.Headers/HttpContentHeaders.xml index 893eb6453cb..df1c168eca6 100644 --- a/xml/System.Net.Http.Headers/HttpContentHeaders.xml +++ b/xml/System.Net.Http.Headers/HttpContentHeaders.xml @@ -234,7 +234,7 @@ Gets or sets the value of the content header on an HTTP response. The value of the content header on an HTTP response. - To be added. + Due to collision problems with MD5, Microsoft recommends a security model based on SHA256 or better. diff --git a/xml/System.Net/HttpRequestHeader.xml b/xml/System.Net/HttpRequestHeader.xml index 8cb316b1648..5768b598f53 100644 --- a/xml/System.Net/HttpRequestHeader.xml +++ b/xml/System.Net/HttpRequestHeader.xml @@ -548,7 +548,7 @@ 16 - The Content-MD5 header, which specifies the MD5 digest of the accompanying body data, for the purpose of providing an end-to-end message integrity check. + The Content-MD5 header, which specifies the MD5 digest of the accompanying body data, for the purpose of providing an end-to-end message integrity check. Due to collision problems with MD5, Microsoft recommends a security model based on SHA256 or better. diff --git a/xml/System.Net/HttpResponseHeader.xml b/xml/System.Net/HttpResponseHeader.xml index 97629618277..812e7ec205d 100644 --- a/xml/System.Net/HttpResponseHeader.xml +++ b/xml/System.Net/HttpResponseHeader.xml @@ -365,7 +365,7 @@ 16 - The Content-MD5 header, which specifies the MD5 digest of the accompanying body data, for the purpose of providing an end-to-end message integrity check. + The Content-MD5 header, which specifies the MD5 digest of the accompanying body data, for the purpose of providing an end-to-end message integrity check. Due to collision problems with MD5, Microsoft recommends a security model based on SHA256 or better. diff --git a/xml/System.Reflection/AssemblyHashAlgorithm.xml b/xml/System.Reflection/AssemblyHashAlgorithm.xml index 7a4d7ef5d8c..16db4b00a2b 100644 --- a/xml/System.Reflection/AssemblyHashAlgorithm.xml +++ b/xml/System.Reflection/AssemblyHashAlgorithm.xml @@ -44,7 +44,7 @@ 32771 - To be added. + Due to collision problems with MD5, Microsoft recommends SHA256. @@ -94,7 +94,7 @@ 32772 - To be added. + Due to collision problems with SHA1, Microsoft recommends SHA256. diff --git a/xml/System.Security.Authentication/HashAlgorithmType.xml b/xml/System.Security.Authentication/HashAlgorithmType.xml index 800f6d4c8bb..3259f01c0be 100644 --- a/xml/System.Security.Authentication/HashAlgorithmType.xml +++ b/xml/System.Security.Authentication/HashAlgorithmType.xml @@ -76,7 +76,7 @@ 32771 - The Message Digest 5 (MD5) hashing algorithm. + The Message Digest 5 (MD5) hashing algorithm. Due to collision problems with MD5, Microsoft recommends SHA256. @@ -142,7 +142,7 @@ 32772 - The Secure Hashing Algorithm (SHA1). + The Secure Hashing Algorithm (SHA1). Due to collision problems with SHA1, Microsoft recommends SHA256. diff --git a/xml/System.Security.Policy/Hash.xml b/xml/System.Security.Policy/Hash.xml index efdf9d6fd96..cc6c1245d92 100644 --- a/xml/System.Security.Policy/Hash.xml +++ b/xml/System.Security.Policy/Hash.xml @@ -44,7 +44,9 @@ A hash value represents a unique value that corresponds to a particular set of bytes. Rather than referring to an assembly by name, version, or other designation, a hash value designates the assembly without ambiguity. Names are subject to collisions in rare cases where the same name is given to completely different code. Different variations of code can accidentally be marked with the same version. However, even changing a single bit results in a very different hash value. Hash values are a cryptographically secure way to refer to specific assemblies in policy without the use of digital signatures. A secure hash algorithm is designed so that it is computationally infeasible to construct a different assembly with the identical hash value by either an accidental or malicious attempt. By default, evidence from the and hash algorithms is supported, although any hash algorithm can be used through . - + + Due to collision problems with MD5 and SHA1, Microsoft recommends a security model based on SHA256 or better. + ]]> @@ -148,7 +150,9 @@ ## Remarks The returned object contains only the property. - + + Due to collision problems with MD5, Microsoft recommends a security model based on SHA256 or better. + ]]> The parameter is . @@ -189,7 +193,9 @@ ## Remarks The returned object contains only the property. - + + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. + ]]> The parameter is . @@ -361,7 +367,7 @@ ## Remarks The assembly specified in the class constructor provides the bytes for the hash computation. - + Due to collision problems with MD5, Microsoft recommends SHA256. ## Examples The following example computes the hash for `myAssembly` and stores it in `hashcode`. @@ -407,7 +413,7 @@ ## Remarks The assembly specified in the constructor provides the bytes for the hash computation. - + Due to collision problems with SHA1, Microsoft recommends SHA256. ## Examples The following example computes the hash for `myAssembly` and stores it in `hashcode`. diff --git a/xml/System.ServiceModel.Security/Basic192SecurityAlgorithmSuite.xml b/xml/System.ServiceModel.Security/Basic192SecurityAlgorithmSuite.xml index 4caa6bddf42..c9096ad8f8d 100644 --- a/xml/System.ServiceModel.Security/Basic192SecurityAlgorithmSuite.xml +++ b/xml/System.ServiceModel.Security/Basic192SecurityAlgorithmSuite.xml @@ -79,7 +79,7 @@ Gets the default asymmetric signature algorithm, RsaSha1Signature. The default asymmetric signature algorithm, RsaSha1Signature. - To be added. + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. @@ -121,7 +121,7 @@ Gets the default digest algorithm, Sha1Digest. The default digest algorithm, Sha1Digest. - To be added. + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. @@ -247,7 +247,7 @@ Gets the default symmetric signature algorithm, HmacSha1Signature. The default symmetric signature algorithm, HmacSha1Signature. - To be added. + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. diff --git a/xml/System.ServiceModel.Security/Basic256SecurityAlgorithmSuite.xml b/xml/System.ServiceModel.Security/Basic256SecurityAlgorithmSuite.xml index 25764a4d1b6..7789ead94e0 100644 --- a/xml/System.ServiceModel.Security/Basic256SecurityAlgorithmSuite.xml +++ b/xml/System.ServiceModel.Security/Basic256SecurityAlgorithmSuite.xml @@ -79,7 +79,7 @@ Gets the default asymmetric signature algorithm, RsaSha1Signature. The default asymmetric signature algorithm, RsaSha1Signature. - To be added. + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. @@ -121,7 +121,7 @@ Gets the default digest algorithm, Sha1Digest. The default digest algorithm, Sha1Digest. - To be added. + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. @@ -247,7 +247,7 @@ Gets the default symmetric signature algorithm, HmacSha1Signature. The default symmetric signature algorithm, HmacSha1Signature. - To be added. + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. diff --git a/xml/System.ServiceModel.Security/SecurityKeyEntropyMode.xml b/xml/System.ServiceModel.Security/SecurityKeyEntropyMode.xml index b1b772952e9..ac8fbea85db 100644 --- a/xml/System.ServiceModel.Security/SecurityKeyEntropyMode.xml +++ b/xml/System.ServiceModel.Security/SecurityKeyEntropyMode.xml @@ -64,7 +64,7 @@ 2 - The client and server both provide entropy that is combined using the P-SHA1 function to derive the key of the issued token. + The client and server both provide entropy that is combined using the P-SHA1 function to derive the key of the issued token. Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. diff --git a/xml/System.ServiceModel.Security/TripleDesSecurityAlgorithmSuite.xml b/xml/System.ServiceModel.Security/TripleDesSecurityAlgorithmSuite.xml index d7cf38c3ce3..be4e0b4dab5 100644 --- a/xml/System.ServiceModel.Security/TripleDesSecurityAlgorithmSuite.xml +++ b/xml/System.ServiceModel.Security/TripleDesSecurityAlgorithmSuite.xml @@ -79,7 +79,7 @@ Gets the default asymmetric signature algorithm, RsaSha1Signature. The default asymmetric signature algorithm, RsaSha1Signature. - To be added. + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. @@ -121,7 +121,7 @@ Gets the default digest algorithm, Sha1Digest. The default digest algorithm, Sha1Digest. - To be added. + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. @@ -247,7 +247,7 @@ Gets the default symmetric signature algorithm, HmacSha1Signature. The default symmetric signature algorithm, HmacSha1Signature. - To be added. + Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better. diff --git a/xml/System.ServiceModel/MsmqSecureHashAlgorithm.xml b/xml/System.ServiceModel/MsmqSecureHashAlgorithm.xml index 8a0ce6d63fe..dc699fda003 100644 --- a/xml/System.ServiceModel/MsmqSecureHashAlgorithm.xml +++ b/xml/System.ServiceModel/MsmqSecureHashAlgorithm.xml @@ -47,7 +47,7 @@ 0 - The Message Digest Algorithm 5 (MD5). + The Message Digest Algorithm 5 (MD5). Due to collision problems with MD5, Microsoft recommends SHA256. @@ -69,7 +69,7 @@ 1 - The Secure Hash Algorithm (SHA-1). + The Secure Hash Algorithm (SHA-1). Due to collision problems with SHA1, Microsoft recommends SHA256. diff --git a/xml/System.ServiceModel/MsmqTransportSecurity.xml b/xml/System.ServiceModel/MsmqTransportSecurity.xml index b5b5e807a8a..a1e3ec6c3d8 100644 --- a/xml/System.ServiceModel/MsmqTransportSecurity.xml +++ b/xml/System.ServiceModel/MsmqTransportSecurity.xml @@ -216,6 +216,8 @@ ## Remarks The default hash algorithm is . + + Due to collision problems with SHA1, Microsoft recommends SHA256. ]]> From f4c030084c94bc34d6017e1a1f3f4f3fb17f4666 Mon Sep 17 00:00:00 2001 From: Tim Sherer Date: Tue, 6 Aug 2019 07:47:00 -0700 Subject: [PATCH 2/4] Update summary tag contents Per comments from @mairaw. --- xml/Mono.Security.Interface/HashAlgorithmType.xml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/xml/Mono.Security.Interface/HashAlgorithmType.xml b/xml/Mono.Security.Interface/HashAlgorithmType.xml index 011882344e1..76aedabc225 100644 --- a/xml/Mono.Security.Interface/HashAlgorithmType.xml +++ b/xml/Mono.Security.Interface/HashAlgorithmType.xml @@ -34,7 +34,8 @@ 1 - Due to collision problems with MD5, Microsoft recommends SHA256 or better. + To be added. + Due to collision problems with SHA1, Microsoft recommends SHA256 or better. @@ -54,7 +55,8 @@ 254 - Due to collision problems with SHA1, Microsoft recommends SHA256 or better. + To be added. + Due to collision problems with SHA1, Microsoft recommends SHA256 or better. @@ -94,7 +96,8 @@ 2 - Due to collision problems with SHA1, Microsoft recommends SHA256 or better. + To be added. + Due to collision problems with SHA1, Microsoft recommends SHA256 or better. @@ -198,4 +201,4 @@ - \ No newline at end of file + From 081d0155929168dbe36e570adcdc7cdf7df523eb Mon Sep 17 00:00:00 2001 From: Tim Sherer Date: Tue, 6 Aug 2019 07:56:05 -0700 Subject: [PATCH 3/4] Update summary tag edits. Per feedback from @mairaw. --- xml/System.Reflection/AssemblyHashAlgorithm.xml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/xml/System.Reflection/AssemblyHashAlgorithm.xml b/xml/System.Reflection/AssemblyHashAlgorithm.xml index 16db4b00a2b..a7637fd5a21 100644 --- a/xml/System.Reflection/AssemblyHashAlgorithm.xml +++ b/xml/System.Reflection/AssemblyHashAlgorithm.xml @@ -44,7 +44,8 @@ 32771 - Due to collision problems with MD5, Microsoft recommends SHA256. + To be added. + Due to collision problems with MD5, Microsoft recommends SHA256. @@ -94,7 +95,8 @@ 32772 - Due to collision problems with SHA1, Microsoft recommends SHA256. + To be added. + Due to collision problems with SHA1, Microsoft recommends SHA256. @@ -173,4 +175,4 @@ - \ No newline at end of file + From 27ffcb133eb53284edae5271420dc8fa0176f5e8 Mon Sep 17 00:00:00 2001 From: Tim Sherer Date: Wed, 7 Aug 2019 11:19:03 -0700 Subject: [PATCH 4/4] Move enum summary content to remarks. --- xml/System.Security.Authentication/HashAlgorithmType.xml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/xml/System.Security.Authentication/HashAlgorithmType.xml b/xml/System.Security.Authentication/HashAlgorithmType.xml index 3259f01c0be..103089d506f 100644 --- a/xml/System.Security.Authentication/HashAlgorithmType.xml +++ b/xml/System.Security.Authentication/HashAlgorithmType.xml @@ -76,7 +76,8 @@ 32771 - The Message Digest 5 (MD5) hashing algorithm. Due to collision problems with MD5, Microsoft recommends SHA256. + The Message Digest 5 (MD5) hashing algorithm. + Due to collision problems with MD5, Microsoft recommends SHA256. @@ -142,7 +143,8 @@ 32772 - The Secure Hashing Algorithm (SHA1). Due to collision problems with SHA1, Microsoft recommends SHA256. + The Secure Hashing Algorithm (SHA1). + Due to collision problems with SHA1, Microsoft recommends SHA256. @@ -233,4 +235,4 @@ - \ No newline at end of file +