I am running a Veracode scan on our application, and I’m getting this vulnerability:
Use of a Broken or Risky Cryptographic Algorithm
… on this line of code:
final Mac mac = Mac.getInstance(getEncryptionAlgorithm());
Where the value returned by “getEncryptionAlgorithm()” is “HmacSHA1”.
Is a more secure algorithm available?