[jira] [Created] (ARTEMIS-3103) Replace blowfish with a more secure encryption algorithm

Ying Zhang (Jira) Fri, 05 Feb 2021 17:46:06 -0800

Ying Zhang created ARTEMIS-3103:
-----------------------------------

             Summary: Replace blowfish with a  more secure encryption algorithm
                 Key: ARTEMIS-3103
                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3103
             Project: ActiveMQ Artemis
          Issue Type: Improvement
          Components: API
            Reporter: Ying Zhang



In file 
apache/activemq-artemis/blob/52263663c48082227916cc3477f8892d9f10134b/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/DefaultSensitiveStringCodec.javaThe
 blowfish is used for encryption sensitive information

*Security Impact*:

Blowfish's use of 64-bit block size (as opposed to e.g. AES's 128-bit block 
size) makes it vulnerable to [birthday 
attacks|https://en.wikipedia.org/wiki/Birthday_attack], particularly in 
contexts like [HTTPS|https://en.wikipedia.org/wiki/HTTPS]. In 2016, the SWEET32 
attack demonstrated how to leverage birthday attacks to perform plaintext 
recovery (i.e. decrypting ciphertext) against ciphers with 64-bit block size.

*Useful Resources*:

https://cwe.mitre.org/data/definitions/319.html

*Please share with us your opinions/comments if there is any:*

Is the bug report helpful?

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (ARTEMIS-3103) Replace blowfish with a more secure encryption algorithm

Reply via email to