phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Koundinya Ravulapati (JIRA)" <j...@apache.org>
Subject [jira] [Created] (PHOENIX-4702) MD5 Hash Algorithm in Phoenix which is insecure and easily cracked
Date Mon, 23 Apr 2018 20:17:00 GMT
Koundinya Ravulapati created PHOENIX-4702:
---------------------------------------------

             Summary: MD5 Hash Algorithm in Phoenix which is insecure and easily cracked
                 Key: PHOENIX-4702
                 URL: https://issues.apache.org/jira/browse/PHOENIX-4702
             Project: Phoenix
          Issue Type: Improvement
    Affects Versions: 4.7.0
            Reporter: Koundinya Ravulapati


Hi Team,

We have ran a security check on 

compile group: 'org.apache.phoenix', name: 'phoenix', version: '4.7.0-CLABS-1.3.0', classifier:
'client-minimal'

and our security scan has reveled that phoenix is using a week encryption MD5 like
digest = java.security.MessageDigest.getInstance("MD5")

The hashing algorithm used, MD5, has been found by researchers to be unsafe for protecting
sensitive data with today's technology.

I have checked the [https://github.com/apache/phoenix/tree/4.7.0-HBase-1.1] 

and also other versions it is still having the same algorithm. Is Phoenix team considering
to use more stronger algorithm like SHA-256. Can you please let us know if this is already
available any new versions of phoenix or in which version can this be made available if team
is working on it. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message