Koundinya Ravulapati created PHOENIX-4702:
---------------------------------------------
Summary: MD5 Hash Algorithm in Phoenix which is insecure and
easily cracked
Key: PHOENIX-4702
URL: https://issues.apache.org/jira/browse/PHOENIX-4702
Project: Phoenix
Issue Type: Improvement
Affects Versions: 4.7.0
Reporter: Koundinya Ravulapati
Hi Team,
We have run a security check on
compile group: 'org.apache.phoenix', name: 'phoenix', version:
'4.7.0-CLABS-1.3.0', classifier: 'client-minimal'
and our security scan has revealed that Phoenix is using a weak encryption, MD5,
like
digest = java.security.MessageDigest.getInstance("MD5")
The hashing algorithm used, MD5, has been found by researchers to be unsafe for
protecting sensitive data with today's technology.
I have checked [https://github.com/apache/phoenix/tree/4.7.0-HBase-1.1]
and also other versions, and they still have the same algorithm. Is the Phoenix
team considering using a stronger algorithm like SHA-256? Can you please let us
know if this is already available in any new versions of Phoenix, or in which
version this can be made available if the team is working on it?
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
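
Added example (not part of the original report and not Phoenix code): a small triage script that finds MessageDigest.getInstance(...) call sites like the one quoted above and classifies the requested algorithm, including calls where the algorithm is chosen at runtime. The weak-algorithm list, the file name Hashes.java and the sample Java source are constructed assumptions.

```python
import re

# Digest names treated as weak (assumption: a local policy list, not from the report).
WEAK = {"MD2", "MD4", "MD5", "SHA1"}

# Captures the first argument of MessageDigest.getInstance(...), with or without
# the java.security prefix and with or without a provider argument.
CALL = re.compile(r'MessageDigest\s*\.\s*getInstance\s*\(\s*([^,)]+)')

# Constructed sample input standing in for a scanned source file.
SAMPLE = '''\
import java.security.MessageDigest;
class Hashes {
    byte[] a(byte[] b) throws Exception {
        MessageDigest digest = java.security.MessageDigest.getInstance("MD5");
        return digest.digest(b);
    }
    byte[] b(byte[] b) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(b);
    }
    byte[] c(byte[] b, String alg) throws Exception {
        return MessageDigest.getInstance(alg, "SUN").digest(b);
    }
    // old: MessageDigest.getInstance("sha-1")
}
'''

def normalize(name):
    """Fold case and drop separators so 'sha-1', 'SHA1' and 'SHA_1' compare equal."""
    return re.sub(r'[^A-Z0-9]', '', name.upper())

def scan(path, source):
    """Return (path, line_no, algorithm, verdict) for each getInstance call site."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        code = line.split("//", 1)[0]  # drop line comments (simple heuristic)
        for m in CALL.finditer(code):
            arg = m.group(1).strip()
            lit = re.fullmatch(r'"([^"]*)"', arg)
            if lit is None:
                verdict, name = "review", arg  # algorithm decided at runtime
            else:
                name = lit.group(1)
                verdict = "weak" if normalize(name) in WEAK else "ok"
            findings.append((path, no, name, verdict))
    return findings

if __name__ == "__main__":
    for finding in scan("Hashes.java", SAMPLE):
        print("%s:%d %s -> %s" % finding)
```

A "weak" verdict only locates the call; whether it matters depends on what the digest protects at that site.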