doc: Add security notice for filemd5 and filesha1 functions

pull/34896/head
Zhiwei Liang 2 years ago
parent 0fe733acf0
commit 4191d605ee
No known key found for this signature in database
GPG Key ID: F7BD9026DE71089B

@ -13,3 +13,8 @@ that hashes the contents of a given file rather than a literal string.
This is similar to `md5(file(filename))`, but
because [`file`](/terraform/language/functions/file) accepts only UTF-8 text it cannot be used to
create hashes for binary files.
Collision attacks have been successfully performed against this hashing
function. Before using this function for anything security-sensitive, refer to
[RFC 6151](https://tools.ietf.org/html/rfc6151) for updated security
considerations applying to the MD5 algorithm.

@ -13,3 +13,7 @@ that hashes the contents of a given file rather than a literal string.
This is similar to `sha1(file(filename))`, but
because [`file`](/terraform/language/functions/file) accepts only UTF-8 text it cannot be used to
create hashes for binary files.
Collision attacks have been successfully performed against this hashing
function. Before using this function for anything security-sensitive, review
relevant literature to understand the security implications.

Loading…
Cancel
Save