[ https://issues.apache.org/jira/browse/PHOENIX-6369?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Geoffrey Jacoby resolved PHOENIX-6369. -------------------------------------- Resolution: Duplicate See the discussion on PHOENIX-4702, when a different user reported use of MD5 within the Phoenix code base. To sum up, Phoenix does not use MD5 as a cryptographic hash. It provides MD5 as a SQL function that users can call, and it uses it internally as part of the old index scrutiny tool. It would be a useful future feature to provide a more robust, modern cryptographic hash as a SQL function in Phoenix. > Usage of broken hash algorithm detected > --------------------------------------- > > Key: PHOENIX-6369 > URL: https://issues.apache.org/jira/browse/PHOENIX-6369 > Project: Phoenix > Issue Type: Improvement > Reporter: Md Mahir Asef Kabir > Priority: Major > > In file > [https://github.com/apache/phoenix/blob/7987a74e6cea1103a028e128f98e2fb3c2252b82/phoenix-core/src/main/java/org/apache/phoenix/expression/function/MD5Function.java] > (at Line 42) "md5" algorithm has been used. > *Security Impact*: > The MD5 Message-Digest Algorithm is not collision-resistant, which makes it > easier for context-dependent attackers to conduct spoofing attacks > *Useful Resources*: > https://www.cvedetails.com/cve/CVE-2004-2761/ > *Solution we suggest*: > Use Sha >= 256 algorithms instead > *Please share with us your opinions/comments if there is any*: > Is the bug report helpful? -- This message was sent by Atlassian Jira (v8.3.4#803005)