I agree it is unlikely that the JDK will lose support for SHA-1 because it is used commonly, as is MD5. So please feel free to use it.
Karl On Wed, Mar 3, 2021 at 7:54 PM Shirai Takashi/ 白井隆 <shi...@nintendo.co.jp> wrote: > Hi, Horn. > > Jörn Franke wrote: > >Makes sense > > I don't think that it's easy. > > > >>> Maybe use SHA-256 or later. SHA-1 is obsolete and one never knows when > it will be removed from JDK. > > I also know SHA-1 is dangerous. > Someone can generate the string which is hashed into the same SHA-1 to > pretend another one. > Then SHA-1 should not be used with certifications. > The future JDK may stop using SHA-1 with certifications. > But JDK will never stop supporting SHA-1 algorism. > > If SHA-1 is removed from JDK, > ManifoldCF can not be built for reasons of another using of SHA-1. > Some connectors already use SHA-1 as the ID value, > then the previous saved records will be inaccessible. > I can use SHA-256 with Elasticsearch connector. > How should the other SHA-1 be managed? > > ---- > Nintendo, Co., Ltd. > Product Technology Dept. > Takashi SHIRAI > PHONE: +81-75-662-9600 > mailto:shi...@nintendo.co.jp >
