Use Blake2 instead of MD5

[igoose1]

What's the point of md5 usage?

fastapi-cache/fastapi_cache/key_builder.py

Line 17 in 63c9fd5

cache_key = hashlib.md5( # noqa: S324

md5 was proofed to be insecure. It's possible to find collisions fast. A potential attacker theoretically can send unique query parameters which weren't present in the past but which will be cache-hit. Although, it's difficult for me to make up an example where this is a security breach, it's still possible in a complex system.

Probably, md5 was chosen because of its speed. At least, code owners look aware of an issue. Linter warnings are ignored with "noqa" comments.

Though key builder can be changed manually, I'm suggesting to change an algorithm in the library. Blake2 is a faster and secure hashing algorithm included in Python standard library.

Benchmarks:

from http://www.blake2.net/

from https://medium.com/logos-network/benchmarking-hash-and-signature-algorithms-6079735ce05

[igoose1]

Update: I'm wrong with "A potential attacker theoretically can send unique query parameters which weren't present in the past but which will be cache-hit". Hashing is used only for code written by programmers. Then it's more difficult to make up a security issue here.