[OAK-5827] Don't use SHA-1 for new DataStore binaries - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.7.0, 1.6.4, 1.8.0
Component/s: None
Labels:
- candidate_oak_1_4

Description

A collision for SHA-1 has been published. We still use SHA-1 for the FileDataStore, and I believe the S3 DataStore right now. Given there is a collision, we should switch to a stronger algorithm, for example SHA-256, for new binaries.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

OAK-5827b.patch
01/Mar/17 06:04
6 kB
Amit Jain
OAK-5827.patch
24/Feb/17 10:08
3 kB
Thomas Mueller

Issue Links

is blocked by

JCR-4115 Don't use SHA-1 for new DataStore binaries (Jackrabbit)

Closed

OAK-5883 Update Oak trunk to Jackrabbit 2.15.1

Closed

is related to

OAK-4810 FileDataStore: support SHA-2

Resolved

relates to

OAK-6442 Update Oak 1.6 to Jackrabbit 2.14.2

Closed

Activity

People

Assignee:

Amit Jain

Reporter:

Thomas Mueller

Votes:

0 Vote for this issue

Watchers:

7 Start watching this issue

Dates

Created:

24/Feb/17 07:06

Updated:

16/Feb/21 09:52

Resolved:

09/Mar/17 09:55