Emmanuel Lecharny created DIRSERVER-2181:
--------------------------------------------
Summary: Considering demoting or deprecating MD5 and SHA1
Key: DIRSERVER-2181
URL: https://issues.apache.org/jira/browse/DIRSERVER-2181
Project: Directory ApacheDS
Issue Type: Improvement
Affects Versions: 2.0.0-M23
Reporter: Emmanuel Lecharny
Fix For: 2.0.0
SHA-1 is now proven to be breakable (although it would cost around 100k$ to
rent the GPUs to create a collision), and finding a collision for MD5 is just a
matter of seconds.
We should probably forbid the use of those 2 hashes when storing the password.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
