[
https://issues.apache.org/jira/browse/JAMES-2201?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Antoine Duprat closed JAMES-2201.
---------------------------------
> Vulnerable to SHAttered attack
> ------------------------------
>
> Key: JAMES-2201
> URL: https://issues.apache.org/jira/browse/JAMES-2201
> Project: James Server
> Issue Type: Bug
> Components: mailbox
> Affects Versions: master
> Reporter: Thibaut SAUTEREAU
> Priority: Minor
> Fix For: master
>
>
> Given the way SHA-1 is used to index attachments, it is vulnerable to the
> SHAttered attack (https://shattered.io/), meaning you can overwrite the
> attachment of a first email with a second email).
> It is not critical yet as it took a lot of computational power from Google to
> generate those 2 PDFs, but this issue will probably become widespread in
> coming years and I think switching to SHA-256 for instance is a low hanging
> fruit.
> The same problem arises with Cassandra blob IDs.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org
