Details
- Type: Improvement
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Environment: CLR 2.0; DOT.NET
Description
FSDirectory.cs is the only place that has to be modified to apply FIPS compliance.
I think changing to a FIPS-compliant algorithm in general for the .NET port of Lucene to calculate the lock
file name is "safe" (meaning: Java-compatible). The only case I can see where they
may have to use the same algorithm is if a Java Lucene implementation accesses the
index with a writer at the same time as Lucene.Net. That would rarely be
the case: writing to the same index is only allowed by one writer.
The first change required was to switch
private static System.Security.Cryptography.MD5 DIGESTER;
to
private static readonly System.Security.Cryptography.HashAlgorithm DIGESTER;
Last change is this:
#if FIPS_COMLIANT
// use a FIPS compliant algorithm (see also http://blog.aggregatedintelligence.com/2007/10/fips-validated-cryptographic-algorithms.html )
DIGESTER = System.Security.Cryptography.SHA1.Create();
#else
// use the java compatible hash algorithm:
DIGESTER = System.Security.Cryptography.MD5.Create();
#endif
I will attach the .patch too.
Attachments
Issue Links
- is duplicated by: LUCENENET-535 Add FIPS-Compliant flag that can be set at runtime (Resolved)
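
An added example (not from the issue or the Lucene.Net source) of the caveat raised in the description: a build that hashes the index path with SHA-1 derives a different lock file name than one using MD5, so the two would never see each other's write lock. The `lucene-<hex>-write.lock` naming, the UTF-8 encoding, the sample path and the `CreateDigester` and `LockFileName` helpers are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class LockNameDemo
{
    // Hypothetical runtime counterpart of the #if switch above:
    // SHA-1 when FIPS compliance is requested, MD5 (Java-compatible) otherwise.
    static HashAlgorithm CreateDigester(bool fipsCompliant)
    {
        if (fipsCompliant)
            return SHA1.Create();
        return MD5.Create();
    }

    // Assumed naming scheme: "lucene-" + lowercase hex digest of the path + "-write.lock".
    // The digest only names the lock file; it protects nothing.
    static string LockFileName(string indexPath, HashAlgorithm digester)
    {
        byte[] digest = digester.ComputeHash(Encoding.UTF8.GetBytes(indexPath));
        StringBuilder sb = new StringBuilder("lucene-");
        foreach (byte b in digest)
            sb.Append(b.ToString("x2"));
        return sb.Append("-write.lock").ToString();
    }

    static void Main()
    {
        string indexPath = @"C:\data\index"; // constructed sample path
        string md5Name, sha1Name;

        using (HashAlgorithm md5 = CreateDigester(false))
            md5Name = LockFileName(indexPath, md5);
        using (HashAlgorithm sha1 = CreateDigester(true))
            sha1Name = LockFileName(indexPath, sha1);

        Console.WriteLine("MD5 build:   " + md5Name);
        Console.WriteLine("SHA-1 build: " + sha1Name);

        // Different names mean an MD5-based writer and a SHA-1-based writer
        // would each acquire "their" lock on the same index without conflict,
        // so mixed builds must not write to one index concurrently.
        Console.WriteLine("Same lock file: " + (md5Name == sha1Name));
    }
}
```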