Jump to content
Changes to the Jaspersoft community edition download ×
  • MD5 password encryption is insecure

    • Features: JasperReports Server, User Authorization Version: v5.5 Product: JasperReports® Server

    Strickly speaking MD5 is not an encryption algorithm but is a cryptographic hash function. However, since common terminology calls it encryption we will use that term.


    According to an article in ZDNet by Zack Whittaker, MD5 password encryption is considered too vunerable to attack because of increasingly powerful hardware and attack techniques, "The original author of the MD5 password hash algorithm has publicly declared his software end-of-life and is 'no longer considered safe' to use on commercial websites. 'I implore everybody to migrate to a stronger password scrambler without undue delay," he wrote in a blog post.'"

    Here is another article that goes into considerable detail on the MD5 security vulnerablities.

    While JasperReports Server and library support MD5 encryption, Jaspersoft highly encourages our users to consider another more secure encryption technology such as SHA-256, SHA-512 or Triple DES, which is the default encryption method in JasperReports. Here is an Password Storage Cheat Sheet that spells out proper password hashing techniques. Also, Threat Model for Secure Password Storage.

    User Feedback

    Recommended Comments

    There are no comments to display.

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

  • Create New...