Phoenix / PHOENIX-4702

MD5 Hash Algorithm in Phoenix which is insecure and easily cracked

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 4.7.0
    • Fix Version/s: None
    • Component/s: None

      Description

      Hi Team,

      We have run a security check on

      compile group: 'org.apache.phoenix', name: 'phoenix', version: '4.7.0-CLABS-1.3.0', classifier: 'client-minimal'

      and our security scan has revealed that Phoenix is using a weak encryption MD5 like
      digest = java.security.MessageDigest.getInstance("MD5")

      The hashing algorithm used, MD5, has been found by researchers to be unsafe for protecting sensitive data with today's technology.

      I have checked https://github.com/apache/phoenix/tree/4.7.0-HBase-1.1

      and also other versions, and they still have the same algorithm. Is the Phoenix team considering using a stronger algorithm like SHA-256? Can you please let us know if this is already available in any new versions of Phoenix, or in which version this can be made available if the team is working on it?

              People

              • Assignee:
                Unassigned
                Reporter:
                rvskoundinya Koundinya Ravulapati
              • Votes:
                0
                Watchers:
                2