[jboss-jira] [JBoss JIRA] (JBAS-9453) AbstractAttachmentStore seems to be hard-coded to use MD5 message digest
Nicholas DiPiazza (Commented) (JIRA)
jira-events at lists.jboss.org
Wed Nov 23 13:21:40 EST 2011
[ https://issues.jboss.org/browse/JBAS-9453?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12645216#comment-12645216 ]
Nicholas DiPiazza commented on JBAS-9453:
-----------------------------------------
If you look here:
http://anonsvn.jboss.org/repos/jbossas/tags/JBoss_5_1_0_GA/system/src/main/org/jboss/system/server/profileservice/repository/AbstractAttachmentStore.java
Line 439 MD5 is hard-coded to be used.
> AbstractAttachmentStore seems to be hard-coded to use MD5 message digest
> ------------------------------------------------------------------------
>
> Key: JBAS-9453
> URL: https://issues.jboss.org/browse/JBAS-9453
> Project: Legacy JBoss Application Server 6
> Issue Type: Enhancement
> Security Level: Public(Everyone can see)
> Affects Versions: JBossAS-5.1.0.GA
> Reporter: Nicholas DiPiazza
> Labels: AbstractAttachmentStore, FIPS
>
> We need to achieve FIPS compliance with JBoss 5.1.0 GA. However AbstractAttachmentStore.java seems to be hard-coded to use MD5, which is not an acceptable hashing algorithm.
> Is there some way besides changing the source code ourselves and hard-coding it to a stronger algorithm? It would be nice if it would try SHA, etc. and some others and only choose to use MD5 if it can't find stronger ones.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list