You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Nathan Gough (Jira)" <ji...@apache.org> on 2021/02/22 22:58:00 UTC

[jira] [Updated] (NIFI-8132) Replace Framework Uses of MD5 with Modern Algorithm

     [ https://issues.apache.org/jira/browse/NIFI-8132?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nathan Gough updated NIFI-8132:
-------------------------------
    Fix Version/s: 1.14.0
           Status: In Progress  (was: Patch Available)

> Replace Framework Uses of MD5 with Modern Algorithm
> ---------------------------------------------------
>
>                 Key: NIFI-8132
>                 URL: https://issues.apache.org/jira/browse/NIFI-8132
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 1.12.1
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Major
>              Labels: FIPS, MD5, security
>             Fix For: 1.14.0
>
>          Time Spent: 4h 20m
>  Remaining Estimate: 0h
>
> [RFC 1321|https://tools.ietf.org/html/rfc1321] was published in 1992 and described the MD5 message-digest algorithm. Multiple researchers have found [security issues|https://en.wikipedia.org/wiki/MD5#Security] in the MD5 algorithm. The Federal Information Processing Standard 140-2 does not allow MD5 to be used.
> Several NiFi framework classes use the MD5 algorithm for determining whether file contents have changed. Although these uses do not relate directly to encryption operations, use of the MD5 algorithm should be replaced with a modern algorithm that is not subject to the same security issues.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)