
Support for Newer Digest Authentication (RFC 7616)

Open karansachdeva24 opened this issue 3 years ago • 2 comments

RFC 7616 has been officially made available for several years now, but Spring Security still only supports RFC 2617 for digest auth.

Current Behavior

The current digest auth in Spring Security uses MD5 for hashing purposes, which is no longer considered secure.

Context

All of our web services use digest auth, and in order to ensure we continue to maintain up-to-date security standards in terms of crypto/hashing algorithms, we want to move to a stronger hashing algorithm like SHA256.

karansachdeva24 Apr 18 '22 01:04
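The difference the request above is about, as an added example that is not part of the issue and not Spring Security's code: the digest `response` computed for the same exchange with MD5 (the only algorithm RFC 2617 defines) and with SHA-256 (added by RFC 7616), for `qop=auth`. The function and variable names are hypothetical; the sample values are the example exchange from RFC 2617 section 3.5, and UTF-8 encoding is an assumption that makes no difference for these ASCII values.

```python
import hashlib

# Hash functions keyed by the "algorithm" parameter of the challenge.
# RFC 2617 defines only MD5; RFC 7616 adds SHA-256 (and SHA-512-256).
ALGORITHMS = {"MD5": hashlib.md5, "SHA-256": hashlib.sha256}


def digest_response(algorithm, username, realm, password,
                    method, uri, nonce, nc, cnonce, qop="auth"):
    """Compute the 'response' value for qop=auth (non-session algorithms)."""
    try:
        new_hash = ALGORITHMS[algorithm]
    except KeyError:
        # Refuse unknown algorithms instead of silently falling back to MD5.
        raise ValueError(f"unsupported digest algorithm: {algorithm!r}")

    def H(data):
        # Assumption: UTF-8 encoding of the input strings.
        return new_hash(data.encode("utf-8")).hexdigest()

    ha1 = H(f"{username}:{realm}:{password}")   # A1: what the server must store
    ha2 = H(f"{method}:{uri}")                  # A2: request method and URI
    return H(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


# Example exchange from RFC 2617 section 3.5 (not taken from this issue).
SAMPLE = dict(username="Mufasa", realm="testrealm@host.com",
              password="Circle Of Life", method="GET", uri="/dir/index.html",
              nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
              nc="00000001", cnonce="0a4f113b")

if __name__ == "__main__":
    for alg in ALGORITHMS:
        print(f"{alg:8} {digest_response(alg, **SAMPLE)}")
```

Only the hash function changes between the two RFCs for this case; the stored `H(A1)` value also changes, so existing MD5-based credentials cannot be reused for SHA-256 without the cleartext password.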

Thanks for the suggestion @karansachdeva24 and welcome to the project!

I have added this to the 6.x milestone for now, but we will need to see if there is availability and interest to work on it.

sjohnr Apr 18 '22 20:04

Thanks @sjohnr for considering the request. Looking forward to it.

karansachdeva24 Apr 21 '22 02:04