directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DIRSERVER-2181) Considering demoting or deprecating MD5 and SHA1
Date Tue, 28 Feb 2017 16:20:45 GMT
Emmanuel Lecharny created DIRSERVER-2181:
--------------------------------------------

             Summary: Considering demoting or deprecating MD5 and SHA1
                 Key: DIRSERVER-2181
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2181
             Project: Directory ApacheDS
          Issue Type: Improvement
    Affects Versions: 2.0.0-M23
            Reporter: Emmanuel Lecharny
             Fix For: 2.0.0


SHA-1 is now proven to be breakable (although it would cost around 100k$ to rent the GPUs
to create a collision), and finding a collision for MD5 is just a matter of seconds.

We should probably forbid the use of those 2 hashes when storing the password.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message