Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SHA1 and AES/ECB still in used #31223

Closed
Gax-c opened this issue May 14, 2024 · 1 comment
Closed

SHA1 and AES/ECB still in used #31223

Gax-c opened this issue May 14, 2024 · 1 comment

Comments

@Gax-c
Copy link

Gax-c commented May 14, 2024

Hello, when I was browsing the code I found SHA1 and AES/ECB are still in use. Both of these two algorithms are insecure.

SHA1 is used as the default digest algorithm, and it's clear that SHA1 is no longer secure, so I recommend switch to be better algorithm like SHA256.

Cipher.getInstance(getType()) will be Cipher.getInstance("AES"), and Cipher.getInstance("AES") will use AES/ECB in default, which is insecure. I suggest specify the mode and padding rather than using the default one.
@zzyReal666
Copy link
Contributor

shardingsphere is a database enhancement project, and I don't think it should or should be responsible for the security of the algorithm, because it provides the SPI mechanism to implement the algorithm you need.

@Gax-c Gax-c closed this as completed May 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zzyReal666 @Gax-c