Hi everyone,Google announced the first SHA1 collision [1]. See [2] for in-depth explanations. It's recommended to migrate to safer cryptographic hashes such as SHA-2 or SHA-3 as soon as possible. See [3] for an overview of SHA. SHA-3 was announced as the official new standard [4].
Let's discuss how we want to deal with this in OFBiz, any help is greatly appreciated.
Best regards, Michael[1] https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
[2] https://shattered.io/static/shattered.pdf [3] https://en.wikipedia.org/wiki/Secure_Hash_Algorithm[4] https://www.federalregister.gov/documents/2015/08/05/2015-19181/announcing-approval-of-federal-information-processing-standard-fips-202-sha-3-standard
smime.p7s
Description: S/MIME Cryptographic Signature
