MD5 password encryption is insecure

Strictly speaking, MD5 is not an encryption algorithm but a cryptographic hash function. However, since common terminology calls it encryption, we will use that term.


According to an article in ZDNet by Zack Whittaker, MD5 password encryption is considered too vulnerable to attack because of increasingly powerful hardware and attack techniques: "The original author of the MD5 password hash algorithm has publicly declared his software end-of-life and is 'no longer considered safe' to use on commercial websites. 'I implore everybody to migrate to a stronger password scrambler without undue delay,' he wrote in a blog post."

Here is another article that goes into considerable detail on the MD5 security vulnerabilities.

While JasperReports Server and library support MD5 encryption, Jaspersoft highly encourages our users to consider another more secure encryption technology such as SHA-256, SHA-512 or Triple DES, which is the default encryption method in JasperReports. Here is a Password Storage Cheat Sheet that spells out proper password hashing techniques. See also the Threat Model for Secure Password Storage.
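
The following is an added example, not JasperReports or Jaspersoft code. It sketches one way to migrate stored passwords away from unsalted MD5: each row is checked under its current scheme and rewritten as a salted, iterated SHA-256 (PBKDF2) record on the next successful login. The record format, function names and iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune it to your own hardware


def legacy_md5(password: str) -> str:
    """Unsalted MD5 record: the scheme being retired, kept only to check old rows."""
    return "md5$" + hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted PBKDF2-HMAC-SHA256 record: scheme$iterations$salt$derived_key."""
    salt = os.urandom(16)  # per-user random salt defeats precomputed tables
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str, iterations: int = ITERATIONS):
    """Return (ok, new_record); new_record is set when the row should be rewritten."""
    scheme, _, rest = stored.partition("$")
    try:
        if scheme == "md5":
            ok = hmac.compare_digest(legacy_md5(password), stored)
            return ok, (hash_password(password, iterations) if ok else None)
        if scheme == "pbkdf2_sha256":
            iters, salt_hex, dk_hex = rest.split("$")
            dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                     bytes.fromhex(salt_hex), int(iters))
            ok = hmac.compare_digest(dk, bytes.fromhex(dk_hex))
            stale = ok and int(iters) < iterations  # work factor was raised since
            return ok, (hash_password(password, iterations) if stale else None)
    except (ValueError, TypeError):  # malformed record: fail closed
        pass
    return False, None


if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    a, b = legacy_md5("password"), legacy_md5("password")
    print("MD5 rows identical:", a == b)
    ok, upgraded = verify_password("password", a)
    print("login ok:", ok, "-> rewritten as", upgraded.split("$")[0])
    print("salted rows differ:", hash_password("password") != upgraded)
```

Because the iteration count is stored in each record, the work factor can be raised later and existing rows are upgraded the same way as the MD5 ones.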