[NIFI-8132] Replace Framework Uses of MD5 with Modern Algorithm - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.12.1
Fix Version/s: 1.14.0
Component/s: Core Framework
Labels:
- FIPS
- MD5
- security

Description

RFC 1321 was published in 1992 and described the MD5 message-digest algorithm. Multiple researchers have found security issues in the MD5 algorithm. The Federal Information Processing Standard 140-2 does not allow MD5 to be used.

Several NiFi framework classes use the MD5 algorithm for determining whether file contents have changed. Although these uses do not relate directly to encryption operations, use of the MD5 algorithm should be replaced with a modern algorithm that is not subject to the same security issues.

Attachments

Issue Links

links to

GitHub Pull Request #4788

Activity

People

Assignee:: David Handermann

Reporter:: David Handermann

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 11/Jan/21 16:47

Updated:: 25/Feb/21 04:46

Resolved:: 22/Feb/21 22:57

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

4h 20m