Use of Weak Hashing Algorithms (MD5 and SHA1) during Client Initialization

[tianjk99]

Please check if there is any problem with using weak cryptographic algorithms.
The current implementation in the code utilizes the MD5 and SHA1 hash algorithm, which is considered weak and vulnerable to attacks such as collision and preimage attacks. This poses a security risk as it can potentially be exploited by malicious actors to compromise the integrity and confidentiality of the WebSocket communication.

1. bcoin-master\node_modules\bsock\vendor\faye-websocket.js, line 1462
2. bcoin-master\node_modules\bsock\vendor\faye-websocket.js, line 2919

Hybi.generateAccept = function(key) { var sha1 = crypto.createHash('sha1'); sha1.update(key + Hybi.GUID); return sha1.digest('base64'); };

` _handshakeSignature: function() {
if (this._body.length < this.BODY_SIZE) return null;

var md5    = crypto.createHash('md5'),
    buffer = new Buffer(8 + this.BODY_SIZE);

buffer.writeUInt32BE(this._keyValues[0], 0);
buffer.writeUInt32BE(this._keyValues[1], 4);
new Buffer(this._body).copy(buffer, 8, 0, this.BODY_SIZE);

md5.update(buffer);
return new Buffer(md5.digest('binary'), 'binary');

},`

[Sintayew4]

#1174