Ioan Eugen Stan created OFBIZ-12870:
---------------------------------------
Summary: Remove DES encryption from ofbiz crypto - insecure algorithm
Key: OFBIZ-12870
URL: https://issues.apache.org/jira/browse/OFBIZ-12870
Project: OFBiz
Issue Type: Bug
Components: framework/base
Reporter: Ioan Eugen Stan

In my opinion OFBiz should remove or deprecate and remove the implementation
for DES crypto - class org.apache.ofbiz.base.crypto.DesCrypt.
DES encryption is broken and insecure to my knowledge:
[https://en.wikipedia.org/wiki/Data_Encryption_Standard]
[https://www.techtarget.com/searchsecurity/tip/Expert-advice-Encryption-101-Triple-DES-explained]
[https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html]
In my opinion - it should be removed from the code in new releases.
If people have data encrypted with this they should migrate somehow.
Probably via an export-import?