Balazs Meszaros created PHOENIX-7851:
----------------------------------------
Summary: Reduce MD5 usage across the codebase
Key: PHOENIX-7851
URL: https://issues.apache.org/jira/browse/PHOENIX-7851
Project: Phoenix
Issue Type: New Feature
Reporter: Balazs Meszaros
To maintain {*}FIPS 140-3 compliance{*}, the use of insecure hash algorithms
like SHA-1 and MD5 is strictly prohibited for cryptographic purposes. While
these algorithms remain permissible for non-security functions, robust
collision handling is essential.
We have identified specific scenarios where Phoenix fails to adequately handle
collisions, which could be exploited using tools such as
[fastcoll|https://github.com/brimstone/fastcoll] orĀ
[hashclash|https://github.com/cr-marcstevens/hashclash].
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
