Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow option to disable MD5 warning #8

Open
GoogleCodeExporter opened this issue Apr 15, 2015 · 0 comments
Open

Allow option to disable MD5 warning #8

GoogleCodeExporter opened this issue Apr 15, 2015 · 0 comments
Assignees
@gpfjeff
Labels
auto-migrated Component-UI OpSys-Windows Priority-Medium Type-Enhancement Usability

Comments

@GoogleCodeExporter
Copy link 

I received the following request via e-mail:

"Your WinHasher is an excellent program but the warning message about MD5 is 
quite annoying and makes MD5WinHasher useless for me. If the warning was shown 
one time only it would be OK, but it is tiresome to see it time and again (when 
MD5 is chosen by default). I would appreciate it this message could be 
disabled."

The warning in question is a dialog that pops up when MD5 is selected from the 
Hash Algorithm drop-down list for the first time in a given session. This 
message is meant to remind users that MD5 is no longer considered secure and 
that they should being using stronger hashes such as SHA2. That said, if the 
user has MD5 selected when WinHasher is closed, the same dialog will be shown 
again when WinHasher opens. If the user uses MD5 regularly (likely because they 
must confirm a hash someone else has generated) and simply opens WinHasher to 
verify the file and then close it, this could admittedly get old pretty quickly.

One potential workaround for now would be to use the SendTo shortcuts, which 
are an option when WinHasher is installed. The user can right-click the file to 
open the context menu, select Send To, and pick the WinHasher MD5 shortcut. 
This shortcut does not generate the same warning as the main app, and even 
provides a place to allow the user to copy and paste the hash to compare the 
two values.

However, we should probably put in an option somewhere to disable the MD5 
warning as requested. It should be off by default so the warning should get 
displayed at least once, but the user should have the option of disabling it if 
they want. The hard part will be deciding *where* to put this option, as 
WinHasher doesn't currently have a separate settings panel. That will probably 
be the hardest part to get "right". Perhaps we should create a new Settings tab 
and move the "show tooltips" checkbox in there along with this option.

Original issue reported on code.google.com by [email protected] on 20 Feb 2014 at 6:49
@gpfjeff gpfjeff self-assigned this Apr 18, 2015
gpfjeff added a commit that referenced this issue Jun 30, 2015
@gpfjeff
SVN Clean-up and Bouncy Castle Conversion
ee7928a 
This commit cleans up a few bits of cruft from our conversion from
Subversion to git, like removing the batch files and template files that
added SVN revision numbers to the application version numbers. git
doesn't have a concept like revision numbers; well, it does, but not
something that would be easy to add to a version number like the SVN
revisions. While I liked that convention, I'm afraid there's no easy
analog I can use from here on out.

I also started the transition from using Microsoft's Crypto API for the
hashing routines to the Legion of the Bouncy Castle. By moving to the
Bouncy Castle code, we can (a) add more hashing functions immediately
and (b) be better prepared to add new hashes (like SHA3) once the Bouncy
Castle folks release future updates. For now, the new hashes added are
SHA-224, RIPEMD-128, RIPEMD-256, RIPEMD-320, AND GOST3411. (While Bouncy
Castle supports MD2 and MD4, I elected not to support them in WinHasher;
I see MD5 being removed eventually as well.) This also means that the
internal implementations of Tiger and Whirlpool are no longer needed and
have been removed; both are already supported by the Bouncy Castle
library.

Also did a little bit of rearranging to consolidate a few things, like
converting hashes and output types to their display strings (and back)
within the WinHasherCore.HashEngine class rather than in a dozen
different places. This should also make it easier to add new hashes
later.

I also added changes to support using the main WinHasher app in
"portable" mode, meaning it will not make reads or writes to the
Registry while in GUI mode. To launch WinHasher in portable mode, add
the "-portable" command-line parameter on launch. Note that while the
SendTo shortcuts technically run in GUI mode, they don't launch the full
GUI and do not read or write to the Registry. None of the command-line
apps touch the Registry either, so the portable flag only affects the
main GUI app.

None of this really applies to any of the open issues, so there's still
a good bit left to tweak. The only issue touched here is #8; I removed
the private showMD5warning flag and all of its references, so the MD5
warning should never be displayed now. I'm not sure I'd consider this a
"fix", but I'll concede that it's an annoyance. We'll leave the warnings
to the documentation from here on out.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gpfjeff gpfjeff

Labels
auto-migrated Component-UI OpSys-Windows Priority-Medium Type-Enhancement Usability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@GoogleCodeExporter @gpfjeff