[OFBIZ-12870] Remove DES encryption from ofbiz crypto - insecure algorithm - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: framework/base
Labels:
None

Description

In my opinion OFBiz should remove or deprecate and remove the implementation for DES crypto - class org.apache.ofbiz.base.crypto.DesCrypt .

DES encryption is broken and insecure to my knowledge

https://en.wikipedia.org/wiki/Data_Encryption_Standard

https://www.techtarget.com/searchsecurity/tip/Expert-advice-Encryption-101-Triple-DES-explained

https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html

In my opinion - it should be removed from the code in new releases.

If people have data encrypted with this they should migrate somehow.

Probably via an export-import?

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Ioan Eugen Stan

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 05/Dec/23 22:45

Updated:: 05/Dec/23 22:45