Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use of SHA-1 in JweEncrypterImpl.java and JweDecrypterImpl.java #780

Closed
ptsankov opened this issue Apr 11, 2018 · 3 comments
Closed

Use of SHA-1 in JweEncrypterImpl.java and JweDecrypterImpl.java #780

ptsankov opened this issue Apr 11, 2018 · 3 comments
Assignees
@yurem
Milestone
3.1.3

Comments

@ptsankov
Copy link

The above implementations use the older SHA-1 hash function:

MessageDigest sha = MessageDigest.getInstance("SHA-1");

SHA-1 is considered insecure and it is suggested to switch to a newer version.
yurem added a commit that referenced this issue Apr 13, 2018
@yurem
Use of SHA-1 in JweEncrypterImpl.java and JweDecrypterImpl.java #780
9c53a00
yurem added a commit that referenced this issue Apr 13, 2018
@yurem
Use of SHA-1 in JweEncrypterImpl.java and JweDecrypterImpl.java #780
139e223
@yurem yurem added this to the 3.1.3 milestone Apr 13, 2018
@yurem
Copy link
Contributor

yurem commented Apr 13, 2018

@qbert2k can you review this update. I've changed SHA-1 -> SHA-256

@qbert2k
Copy link
Contributor

qbert2k commented Apr 14, 2018

@yurem: It's working fine.

@yurem
Copy link
Contributor

yurem commented Apr 16, 2018

@qbert2k Thank you for feedback.

@yurem yurem closed this as completed Apr 16, 2018
yurem added a commit that referenced this issue Apr 18, 2018
@yurem
Use of SHA-1 in JweEncrypterImpl.java and JweDecrypterImpl.java #780
f973540
yurem added a commit that referenced this issue Apr 18, 2018
@yurem
Use of SHA-1 in JweEncrypterImpl.java and JweDecrypterImpl.java #780
57f7ab2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yurem yurem

Labels
None yet
Projects
None yet
Milestone
3.1.3
Development

No branches or pull requests
3 participants
@ptsankov @qbert2k @yurem