Thanks for scrutinising the codebase!
You are absolutely right that there is no need for creating a hash. This was just plain laziness on my part. I've created an issue (https://github.com/remie/YouTransfer/issues/101) to change the token generation.
Just to reiterate what dchest said, you should never use MD5 anymore, even if you do intend to hash something. MD5 is broken and should not be used for anything anymore.
Yes, there aren't any known attacks right now, but since MD5 itself already has practical collision attacks against it, there isn't any good reason to use HMAC-MD5 in a new cryptosystem when there are better alternatives.
---
Supporting evidence: new versions of OpenSSHD do not use HMAC-MD5 by default anymore: it has to be enabled manually.
The default is:
umac-64-etm@openssh.com,umac-128-etm@openssh.com,
hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
umac-64@openssh.com,umac-128@openssh.com,
hmac-sha2-256,hmac-sha2-512
Of course, you'll have to use whatever the third-party API uses, which includes Gravatar, but don't use it for anything under your control.
Replace with:
- BLAKE2 if you need a fast cryptographic hash function (e.g. for hashing file contents)
- SHA512 (or SHA256, or SHA-3) if you want a standard cryptographic hash function that is available in your programming language libraries
(Speaking of Gravatar, their use of md5(email) or even more secure hash function won't help protect email addresses against dedicated attackers, as it's easy to iterate over billions of them in seconds, just like in the stories about password cracking you hear, but it works as a simple anti-spam measure.)
Do you ask for that with the awareness that gravatar then gets to track your presence around the internet for the cost of a tiny picture?
I would rather have less ad tracking pixels on someone else's websites if possible, but I am genuinely interested in the value that gravatar provides to people who like the service.
There's a lot of things that can track presence around the web and gravatar's not one of them. Iff you decide to implement gravatar without mirroring their images, avatars are indeed loaded on their first query (and not subsequent ones) and, god knows what they're doing with that information ohgod. They certainly can't "track my presence around the web", though - no js means no fingerprinting, no tracking cookie, nothing. Juuuust a blind IP address.
But the recommended way is to prefetch the avatars directly from your server and offer them on your own cdn.
As for the value it provides, well for one thing I pretty much never have to upload my avatar to websites anymore - it's an avatar attached to my email addresses instead and that's very nice. Of course I'd prefer a proper identity protocol but nobody's working on one. If you want to, be my guest...
I think we disagree on one basic topic, I don't want an easily distinguishable identity to track across the internet.
I would rather external actors (say gravatar does nothing wrong) not be able to identify which email address I use on a site they do not own, and not be able to track my user signups by something that might be public information, which generally a site does not advertise.
Unlike every actual tracker on the internet, Gravatar is opt-in. Things like google analytics, facebook like button/tweet button etc, they are all opt-out.
I've opted for the 16 bits version right now as it fits better in the UI. There will be an additional issue to deal with improving the bitrate as well as making a suitable UI for it.
EDIT: I'm using `crypto.randomBytes(16).toString('hex')` to be precise
Great! Make sure it's long enough: at least 16 bytes (32 hex characters) if you want to keep compatibility with current tokens, 32 bytes (64 hex characters) ideally.