From 14d6b1de8db0b02f520e292f77e1ca23e241c205 Mon Sep 17 00:00:00 2001
From: timalive
Date: Wed, 22 Nov 2017 14:20:50 +0200
Subject: [PATCH 1/2] Update DigestAuthenticate.php
---
 src/Auth/DigestAuthenticate.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Auth/DigestAuthenticate.php b/src/Auth/DigestAuthenticate.php
index ff8437ff3cc..aca32981b7a 100644
--- a/src/Auth/DigestAuthenticate.php
+++ b/src/Auth/DigestAuthenticate.php
@@ -277,7 +277,7 @@ protected function validNonce($nonce)
 if ($expires < microtime(true)) {
 return false;
 }
- $check = hash_hmac('sha1', $expires . ':' . $this->getConfig('secret'), $this->getConfig('secret'));
+ $check = hash_hmac('sha256', $expires . ':' . $this->getConfig('secret'), $this->getConfig('secret'));
 return hash_equals($check, $checksum);
 }
From efbd95642f6ca8f9b8e6a66d06665fafb142bacc Mon Sep 17 00:00:00 2001
From: timalive
Date: Wed, 22 Nov 2017 14:58:26 +0200
Subject: [PATCH 2/2] Update DigestAuthenticate.php
---
 src/Auth/DigestAuthenticate.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Auth/DigestAuthenticate.php b/src/Auth/DigestAuthenticate.php
index aca32981b7a..72aa795edde 100644
--- a/src/Auth/DigestAuthenticate.php
+++ b/src/Auth/DigestAuthenticate.php
@@ -86,7 +86,7 @@ public function __construct(ComponentRegistry $registry, array $config = [])
 {
 $this->setConfig([
 'nonceLifetime' => 300,
- 'secret' => Configure::read('Security.salt'),
+ 'secret' => Security::getSalt(),
 'realm' => null,
 'qop' => 'auth',
 'opaque' => null,
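Review bot: The algorithm name passed to `hash_hmac()` in `validNonce()` is a bare literal that has to match whatever the nonce generator signs with, and nothing in this hunk ties the two together. The generator is outside the hunk, so confirm it also uses `'sha256'` over the same `$expires . ':' . secret` message; if the two differ, every nonce fails `hash_equals()` and digest logins are rejected. I would add `// Must match the algorithm and message layout used when the nonce is generated.` above the call, or keep the algorithm in one class constant used by both sides. A test that passes a freshly generated nonce through `validNonce()` would catch any later drift. The function body starts above the hunk.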
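Review bot: The default `'secret'` in the constructor now comes from `Security::getSalt()`, but nothing checks that a salt has actually been set. If that call can return null or an empty string, the nonce HMAC in `validNonce()` is keyed with an empty secret and the nonce no longer proves that the server issued it. A guard after the config is merged would fail closed, e.g. `if (empty($this->getConfig('secret'))) { throw new \InvalidArgumentException('Digest auth requires a non-empty secret.'); }`. The diffstat shows a single insertion, so no `use` line is added in this patch: confirm the file already imports the `Security` class, otherwise this line fails at construction. The constructor body continues past the end of the hunk.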