Uploaded image for project: 'Directory ApacheDS'
  1. Directory ApacheDS
  2. DIRSERVER-2181

Considering demoting or deprecating MD5 and SHA1

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 2.0.0-M23
    • 2.0.0
    • authn
    • None

    Description

      SHA-1 is now proven to be breakable (although it would cost around 100k$ to rent the GPUs to create a collision), and finding a collision for MD5 is just a matter of seconds.

      We should probably forbid the use of those 2 hashes when storing the password.

      Attachments

        Activity

          People

            Unassigned Unassigned
            elecharny Emmanuel Lécharny
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: