You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello, when I was browsing the code I found SHA1 and AES/ECB are still in use. Both of these two algorithms are insecure.
SHA1 is used as the default digest algorithm, and it's clear that SHA1 is no longer secure, so I recommend switch to be better algorithm like SHA256.
Cipher.getInstance(getType()) will be Cipher.getInstance("AES"), and Cipher.getInstance("AES") will use AES/ECB in default, which is insecure. I suggest specify the mode and padding rather than using the default one.
The text was updated successfully, but these errors were encountered:
shardingsphere is a database enhancement project, and I don't think it should or should be responsible for the security of the algorithm, because it provides the SPI mechanism to implement the algorithm you need.
Hello, when I was browsing the code I found SHA1 and AES/ECB are still in use. Both of these two algorithms are insecure.
SHA1 is used as the default digest algorithm, and it's clear that SHA1 is no longer secure, so I recommend switch to be better algorithm like SHA256.
Cipher.getInstance(getType())
will beCipher.getInstance("AES")
, andCipher.getInstance("AES")
will use AES/ECB in default, which is insecure. I suggest specify the mode and padding rather than using the default one.The text was updated successfully, but these errors were encountered: