Strickly speaking MD5 is not an encryption algorithm but is a cryptographic hash function. However, since common terminology calls it encryption we will use that term.
End-Of-Life
According to an article in ZDNet by Zack Whittaker, MD5 password encryption is considered too vunerable to attack because of increasingly powerful hardware and attack techniques, "The original author of the MD5 password hash algorithm has publicly declared his software end-of-life and is 'no longer considered safe' to use on commercial websites. 'I implore everybody to migrate to a stronger password scrambler without undue delay," he wrote in a blog post.'"
Here is another article that goes into considerable detail on the MD5 security vulnerablities.
While JasperReports Server and library support MD5 encryption, Jaspersoft highly encourages our users to consider another more secure encryption technology such as SHA-256, SHA-512 or Triple DES, which is the default encryption method in JasperReports. Here is an Password Storage Cheat Sheet that spells out proper password hashing techniques. Also, Threat Model for Secure Password Storage.
Recommended Comments
There are no comments to display.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now