Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Duplicate
-
None
-
None
-
None
-
None
Description
In file https://github.com/apache/phoenix/blob/7987a74e6cea1103a028e128f98e2fb3c2252b82/phoenix-core/src/main/java/org/apache/phoenix/expression/function/MD5Function.java (at Line 42) "md5" algorithm has been used.
Security Impact:
The MD5 Message-Digest Algorithm is not collision-resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks
Useful Resources:
https://www.cvedetails.com/cve/CVE-2004-2761/
Solution we suggest:
Use Sha >= 256 algorithms instead
Please share with us your opinions/comments if there is any:
Is the bug report helpful?
Attachments
Issue Links
- duplicates
-
PHOENIX-4702 MD5 Hash Algorithm in Phoenix which is insecure and easily cracked
- Open