[
https://issues.apache.org/jira/browse/JCR-4115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15882315#comment-15882315
]
Tommaso Teofili commented on JCR-4115:
--------------------------------------
bq. Not sure if AbstractDataStore.HmacSHA1 is also affected or not.
I'm not sure either (probably not), in case we would need to have ADS work on
both algos (HmacSHA1 and e.g. HmacSHA256).
> Don't use SHA-1 for new DataStore binaries (Jackrabbit)
> -------------------------------------------------------
>
> Key: JCR-4115
> URL: https://issues.apache.org/jira/browse/JCR-4115
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Reporter: Thomas Mueller
> Attachments: JCR-4115.patch
>
>
> A collision for SHA-1 has been published. We still use SHA-1 for the
> FileDataStore, and I believe the S3 DataStore right now. Given there is a
> collision, we should switch to a stronger algorithm, for example SHA-256, for
> new binaries.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
