  1. Phoenix
  2. PHOENIX-4702

MD5 Hash Algorithm in Phoenix which is insecure and easily cracked

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 4.7.0
    • None
    • None

    Description

      Hi Team,

      We have run a security check on

      compile group: 'org.apache.phoenix', name: 'phoenix', version: '4.7.0-CLABS-1.3.0', classifier: 'client-minimal'

      and our security scan has revealed that Phoenix is using a weak encryption MD5 like
      digest = java.security.MessageDigest.getInstance("MD5")

      The hashing algorithm used, MD5, has been found by researchers to be unsafe for protecting sensitive data with today's technology.

      I have checked the https://github.com/apache/phoenix/tree/4.7.0-HBase-1.1 

      and also other versions, and they still have the same algorithm. Is the Phoenix team considering using a stronger algorithm like SHA-256? Can you please let us know if this is already available in any new versions of Phoenix, or in which version it can be made available if the team is working on it?

            People

              Assignee: Unassigned
              Reporter: Koundinya Ravulapati (rvskoundinya)
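To triage a finding like the one reported above, it helps to list every call site before deciding which ones protect sensitive data. The following is an added example, not part of the original report or of the Phoenix code base: a small scanner that reports MessageDigest.getInstance calls naming a weak digest, either as a literal or through a simple String constant, while ignoring comments. The WEAK list, the function names and the sample Java source are assumptions constructed for illustration.

```python
import re
# Digest names treated as weak for protecting sensitive data (assumed policy list).
WEAK = {"MD2", "MD4", "MD5", "SHA1", "SHA-1"}
# Matches MessageDigest.getInstance(<arg>), fully qualified or not.
CALL = re.compile(r'MessageDigest\s*\.\s*getInstance\s*\(\s*([^,)]+)')
# Matches simple constants of the form: String NAME = "value";
CONST = re.compile(r'\bString\s+(\w+)\s*=\s*"([^"]*)"\s*;')
# String literals come first so that "//" inside a string is not taken as a comment.
TOKEN = re.compile(r'("(?:\\.|[^"\\])*")|//[^\n]*|/\*.*?\*/', re.S)

def strip_comments(src):
    """Blank out Java comments, keeping string literals and line numbering."""
    def repl(m):
        return m.group(1) or re.sub(r'[^\n]', ' ', m.group(0))
    return TOKEN.sub(repl, src)

def find_weak_digests(src):
    """Return (line, algorithm) for each getInstance call naming a weak digest."""
    code = strip_comments(src)
    consts = dict(CONST.findall(code))
    hits = []
    for m in CALL.finditer(code):
        arg = m.group(1).strip()
        name = arg[1:-1] if arg.startswith('"') and arg.endswith('"') else consts.get(arg)
        if name and name.upper() in WEAK:
            hits.append((code.count("\n", 0, m.start()) + 1, name))
    return hits

# Constructed sample input, not Phoenix source.
SAMPLE = '''import java.security.MessageDigest;
class Demo {
    static final String ALGO = "md5";
    // MessageDigest.getInstance("MD5") in a comment must not be reported
    byte[] a(byte[] b) throws Exception {
        return java.security.MessageDigest.getInstance("MD5").digest(b);
    }
    byte[] c(byte[] b) throws Exception {
        return MessageDigest.getInstance(ALGO).digest(b);
    }
    byte[] d(byte[] b) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(b);
    }
}
'''

if __name__ == "__main__":
    for line, algo in find_weak_digests(SAMPLE):
        print(f"line {line}: weak digest {algo}")
```

Each hit still needs a manual look at what the digest is used for; the scanner only locates the call sites.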