diff --git a/picard/coverart/image.py b/picard/coverart/image.py index 8686992c616..b45b9c81d64 100644 --- a/picard/coverart/image.py +++ b/picard/coverart/image.py @@ -28,7 +28,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -from hashlib import md5 +from hashlib import blake2b import os import shutil import tempfile @@ -77,9 +77,7 @@ def __init__(self, data, prefix='picard', suffix=''): self._filename = None _datafile_mutex.lock() try: - m = md5() # nosec - m.update(data) - self._hash = m.hexdigest() + self._hash = blake2b(data).hexdigest() if self._hash not in _datafiles: (fd, self._filename) = tempfile.mkstemp(prefix=prefix, suffix=suffix) QObject.tagger.register_cleanup(self.delete_file) diff --git a/picard/tagger.py b/picard/tagger.py index f4c643c1993..439221bce06 100644 --- a/picard/tagger.py +++ b/picard/tagger.py @@ -47,7 +47,7 @@ import argparse from functools import partial -from hashlib import md5 +from hashlib import blake2b import logging import os import platform @@ -1532,7 +1532,7 @@ def main(localedir=None, autoupdate=True): if picard_args.stand_alone_instance: identifier = uuid4().hex else: - identifier = md5(picard_args.config_file.encode('utf8')).hexdigest() if picard_args.config_file else 'main' # nosec: B303 + identifier = blake2b(picard_args.config_file.encode('utf8'), digest_size=16).hexdigest() if picard_args.config_file else 'main' # nosec: B303 identifier += '_NP' if picard_args.no_plugins else '' if picard_args.processable: