[jboss-jira] [JBoss JIRA] (JBAS-9453) org/jboss/system/server/profileservice/repository/AbstractAttachmentStore.java seems to be hard-coded to use MD5 message digest

Nicholas DiPiazza (Updated) (JIRA) jira-events at lists.jboss.org
Wed Nov 23 13:29:40 EST 2011 

     [ https://issues.jboss.org/browse/JBAS-9453?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nicholas DiPiazza updated JBAS-9453:
------------------------------------

        Summary: org/jboss/system/server/profileservice/repository/AbstractAttachmentStore.java seems to be hard-coded to use MD5 message digest  (was: AbstractAttachmentStore seems to be hard-coded to use MD5 message digest)
    Description: 
We have a requirement that we cannot use weak security algorithms in our environment. We are using JBoss 5.1.0 GA. However org/jboss/system/server/profileservice/repository/AbstractAttachmentStore.java seems to be hard-coded to use MD5, which is not an acceptable hashing algorithm for us.

Is there some way besides changing the source code ourselves and hard-coding it to a stronger algorithm? It would be nice if it would try SHA, etc. and some others and only choose to use MD5 if it can't find stronger ones. 

  was:
We have a requirement that we cannot use weak security algorithms in our environment. We are using JBoss 5.1.0 GA. However AbstractAttachmentStore.java seems to be hard-coded to use MD5, which is not an acceptable hashing algorithm for us.

Is there some way besides changing the source code ourselves and hard-coding it to a stronger algorithm? It would be nice if it would try SHA, etc. and some others and only choose to use MD5 if it can't find stronger ones. 


    
> org/jboss/system/server/profileservice/repository/AbstractAttachmentStore.java seems to be hard-coded to use MD5 message digest
> -------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: JBAS-9453
>                 URL: https://issues.jboss.org/browse/JBAS-9453
>             Project: Legacy JBoss Application Server 6 
>          Issue Type: Enhancement
>      Security Level: Public(Everyone can see) 
>    Affects Versions: JBossAS-5.1.0.GA
>            Reporter: Nicholas DiPiazza
>              Labels: AbstractAttachmentStore, FIPS
>
> We have a requirement that we cannot use weak security algorithms in our environment. We are using JBoss 5.1.0 GA. However org/jboss/system/server/profileservice/repository/AbstractAttachmentStore.java seems to be hard-coded to use MD5, which is not an acceptable hashing algorithm for us.
> Is there some way besides changing the source code ourselves and hard-coding it to a stronger algorithm? It would be nice if it would try SHA, etc. and some others and only choose to use MD5 if it can't find stronger ones. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list