[ https://issues.apache.org/jira/browse/WSS-680?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved WSS-680. ------------------------------------- Resolution: Won't Fix That class uses SHA-1 as per (old) specs. > Usage of broken hash algorithm detected > --------------------------------------- > > Key: WSS-680 > URL: https://issues.apache.org/jira/browse/WSS-680 > Project: WSS4J > Issue Type: Improvement > Reporter: Md Mahir Asef Kabir > Assignee: Colm O hEigeartaigh > Priority: Major > > In file > [https://github.com/apache/ws-wss4j/blob/7923539117127296a65392f4c83ebd885386b7e4/ws-security-stax/src/main/java/org/apache/wss4j/stax/utils/WSSUtils.java] > (at Line 96) "SHA-1" algorithm has been used. > *Security Impact*: > SHA-1 algorithm can be broken in an hour. And because digital fingerprints > generated with it can be forged. > *Useful Resources*: > https://cwe.mitre.org/data/definitions/327.html > *Solution we suggest*: > Use Sha >= 256 algorithms instead > *Please share with us your opinions/comments if there is any*: > Is the bug report helpful? -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org For additional commands, e-mail: dev-h...@ws.apache.org