Clarification on MD5 Usage in System.Security.Cryptography.Native.Android and PII Handling #130406
-
|
Hello .NET Runtime maintainers, We are seeking clarification regarding the purpose and usage of the MD5 implementation within the BackgroundOne of our applications indirectly references this library as part of the .NET runtime stack. During a recent security assessment, our security scanning tools identified the presence of MD5-related functionality within the library and flagged it as a potential vulnerability. Here's one example To be clear:
QuestionCould a maintainer help clarify:
We are looking for authoritative clarification from the maintainers so that we can accurately document the purpose of the library and address the findings raised by our Security team. Any guidance, references to runtime implementation details, or links to relevant documentation would be greatly appreciated. Thank you for your time and assistance. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
.NET is a platform. We offer choices, and we rarely take choices away. So, yes, banned cryptographic algorithms will turn up inside our platform. |
Beta Was this translation helpful? Give feedback.
.NET is a platform. We offer choices, and we rarely take choices away. So, yes, banned cryptographic algorithms will turn up inside our platform.