[ https://issues.apache.org/jira/browse/JAMES-2201?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Antoine Duprat closed JAMES-2201. --------------------------------- > Vulnerable to SHAttered attack > ------------------------------ > > Key: JAMES-2201 > URL: https://issues.apache.org/jira/browse/JAMES-2201 > Project: James Server > Issue Type: Bug > Components: mailbox > Affects Versions: master > Reporter: Thibaut SAUTEREAU > Priority: Minor > Fix For: master > > > Given the way SHA-1 is used to index attachments, it is vulnerable to the > SHAttered attack (https://shattered.io/), meaning you can overwrite the > attachment of a first email with a second email). > It is not critical yet as it took a lot of computational power from Google to > generate those 2 PDFs, but this issue will probably become widespread in > coming years and I think switching to SHA-256 for instance is a low hanging > fruit. > The same problem arises with Cassandra blob IDs. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org