[jira] [Updated] (DIRSERVER-2181) Considering demoting or deprecating MD5 and SHA1

Emmanuel Lecharny (JIRA) Fri, 14 Jun 2019 04:17:20 -0700


     [ 
https://issues.apache.org/jira/browse/DIRSERVER-2181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Emmanuel Lecharny updated DIRSERVER-2181:
-----------------------------------------
    Component/s: authn

> Considering demoting or deprecating MD5 and SHA1
> ------------------------------------------------
>
>                 Key: DIRSERVER-2181
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2181
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>          Components: authn
>    Affects Versions: 2.0.0-M23
>            Reporter: Emmanuel Lecharny
>            Priority: Major
>             Fix For: 2.0.0
>
>
> SHA-1 is now proven to be breakable (although it would cost around 100k$ to 
> rent the GPUs to create a collision), and finding a collision for MD5 is just 
> a matter of seconds.
> We should probably forbid the use of those 2 hashes when storing the password.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (DIRSERVER-2181) Considering demoting or deprecating MD5 and SHA1

Reply via email to