支持弱算法或受损算法

¥Support for weak or compromised algorithms

node:crypto 模块仍然支持一些已经被销毁并且目前不推荐使用的算法。API 还允许使用对于安全使用来说太弱的小密钥大小的密码和散列。

¥The node:crypto module still supports some algorithms which are already compromised and are not currently recommended for use. The API also allows the use of ciphers and hashes with a small key size that are too weak for safe use.

用户应根据自己的安全要求对选择加密算法和密钥大小负全部责任。

¥Users should take full responsibility for selecting the crypto algorithm and key size according to their security requirements.

基于 NIST SP 800-131A 的建议：

¥Based on the recommendations of NIST SP 800-131A:

• MD5 和 SHA-1 在需要抗冲突性（例如数字签名）的情况下不再被接受。

  ¥MD5 and SHA-1 are no longer acceptable where collision resistance is required such as digital signatures.

• RSA、DSA 和 DH 算法使用的密钥建议至少 2048 位，ECDSA 和 ECDH 的曲线至少 224 位，才能安全使用几年。

  ¥The key used with RSA, DSA, and DH algorithms is recommended to have at least 2048 bits and that of the curve of ECDSA and ECDH at least 224 bits, to be safe to use for several years.

• modp1、modp2、modp5 的 DH 组密钥长度小于 2048 位，不推荐使用。

  ¥The DH groups of modp1, modp2 and modp5 have a key size smaller than 2048 bits and are not recommended.

有关其他建议和详细信息，请参阅参考资料。

¥See the reference for other recommendations and details.