Ioan Eugen Stan created OFBIZ-12870:
---------------------------------------

Summary: Remove DES encryption from ofbiz crypto - insecure algorithm
Key: OFBIZ-12870
URL: https://issues.apache.org/jira/browse/OFBIZ-12870
Project: OFBiz
Issue Type: Bug
Components: framework/base
Reporter: Ioan Eugen Stan

In my opinion OFBiz should remove or deprecate and remove the implementation for DES crypto - class org.apache.ofbiz.base.crypto.DesCrypt.

DES encryption is broken and insecure to my knowledge

[https://en.wikipedia.org/wiki/Data_Encryption_Standard]
[https://www.techtarget.com/searchsecurity/tip/Expert-advice-Encryption-101-Triple-DES-explained]
[https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html]

In my opinion - it should be removed from the code in new releases.

If people have data encrypted with this they should migrate somehow. Probably via an export-import?

--
This message was sent by Atlassian Jira (v8.20.10#820010)